[arch-dev-public] [signoff] openssh-5.8p2-1

Gaetan Bisson bisson at archlinux.org
Tue May 3 04:23:39 CEST 2011

Dear all,

An upstream update to openssh is in [testing]; from the Changelog:

 * Fix local private host key compromise on platforms without host-
   level randomness support (e.g. /dev/random) reported by Tomas Mraz

   On hosts that did not have a randomness source configured in
   OpenSSL and were not configured to use EGD/PRNGd (using the
   --with-prngd-socket configure option), the ssh-rand-helper command
   was being implicitly executed by ssh-keysign with open file
   descriptors to the host private keys. An attacker could use
   ptrace(2) to attach to ssh-rand-helper and exfiltrate the keys.

   Most modern operating systems are not vulnerable. In particular,
   *BSD, Linux, OS X and Cygwin do not use ssh-rand-helper.

   A full advisory for this issue is available at:

There are other minor changes but they don't concern Arch.

Please test and signoff.


More information about the arch-dev-public mailing list