-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jul 2026 19:11:28 +0100 Source: openssh Architecture: source Version: 1:10.4p1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Closes: 1134814 1141420 Changes: openssh (1:10.4p1-1) unstable; urgency=medium . [ Sven Joachim ] * Make doc symlinks relative on upgrade from 1:10.3p1-5 (closes: #1141420). . [ Colin Watson ] * New upstream release: - SECURITY: sftp(1): when downloading files on the command-line using "sftp host:/path .", a malicious server could cause the file to be downloaded to an unexpected location. This issue was identified by the Swival Security Scanner. - SECURITY: scp(1): when copying files between two remote destinations, do not allow a malicious server to write files to the parent directory of the intended target directory. This issue was identified by the Swival Security Scanner. - SECURITY: sshd(8): when using the "internal-sftp" SFTP server implementation (this is not the default), long command lines were previously truncated silently after the 9th argument. If a security-relevant option was in the 10th or later position, it would be discarded. Reported by Steve Caffrey. - SECURITY: sshd(8): add a documentation note to mention that the GSSAPIStrictAcceptorCheck option is ineffective when the server is joined to a Windows Active Directory. Reported by Yarin Aharoni of Safebreach. - SECURITY: sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes as it was documented to do. Note that PermitTunnel is not enabled by default. Reported independently by Huzaifa Sidhpurwala of Redhat and Marko Jevtic. - SECURITY: sshd(8): avoid a potential pre-authentication denial of service when GSSAPIAuthentication was enabled (this feature is off by default). This was not mitigated by MaxAuthTries, but would be penalised by PerSourcePenalties. This was reported by Manfred Kaiser of the milCERT AT (Austrian Ministry of Defence). - SECURITY: sshd(8): fix a number of cases where the minimum authentication delay was not being enforced. Reported by the Orange Cyberdefense Vulnerability Team. - SECURITY: ssh(1): fix a possible client-side use-after-free if the server changes its host key during a key reexchange. This was reported by Zhenpeng (Leo) Lin of Depthfirst. - All: add experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519 as specified in draft-miller-sshm-mldsa44-ed25519-composite-sigs. This scheme is not enabled by default. To use it, you'll need to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc. Keys may be generated using "ssh-keygen -t mldsa44-ed25519". - ssh(1), sshd(8): replace the wildcard pattern matcher with an implementation based on an NFA. This avoids exponential worst-case behaviour for the old implementation. - ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION requests. - sshd(8): avoid sending observably different messages for valid vs invalid users in GSSAPIAuthentication (disabled by default). - ssh(1), sshd(8): fix several bugs that incorrectly classified bulk traffic as interactive. - ssh-keygen(1), ssh-add(1): skip unsupported key types when downloading resident keys from a FIDO token. Previously, downloads would abort when one was encountered. - ssh(1): fix a potential use-after-free on an error path if cipher_init() fails. - sshd(8): perform stricter encoding and validation of transport state passed between sshd privilege separation subprocesses. This somewhat further hardens the server against attacks on sshd-auth or sshd-session subprocesses. - ssh-agent(1): avoid possible runtime denial of service by enforcing some limits on the length of usernames in key use constraints. - sftp(1): fix two separate one-byte out-of-bounds reads, in SSH2_FXP_REALPATH and batch command processing. - sftp-server(8): disallow use of the copy-data extension to read and write to the same inode simultaneously. - ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent. - sftp(1), scp(1): avoid a situation where sftp_download() could get stuck in a loop if a broken server repeatedly returned zero length while reading a file. - ssh(1): avoid leaking DNS0x20 case-randomised names into names canonicalised using CanonicalizePermittedCNAMEs. - sftp-server(8): avoid truncation of pathnames passed to lstat() during SSH_FXP_REALPATH handling on systems where PATH_MAX is not the actual max. - ssh(1), sshd(8): correct arming of poll(2) event masks for some socket-type channels. - sshd(8): major refactor of sshd_config parsing and management code, to allow for more exact serialisation/deserialisation across privilege separation boundaries. - ssh-add(1): open connection to the agent only after getopt() processing has completed, to give options like "-v" a chance to display debug information about this operation. - sshd(8): differentiate between execution failures and a subsystem that was not found when logging why a subsystem failed to start. - All: use safer idioms for timegm(3) and mktime(3) error detection. - ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in config files or command-line arguments. This could cause runtime failures later. - ssh(1): fix NULL deref crash during pubkey auth when using a PEM style private key with no corresponding .pub key adjacent to it (closes: #1134814). - sshd(8): don't print an error message when trying to load a host private key when PKCS#11 keys are in use, as these don't need the private half on the filesystem. - All: don't use deprecated ERR_load_crypto_strings(). - ssh(1): properly report errors during configuration default setting. - ssh(1): use correct directive name (Match instead of Host) in error message. - sftp(1): fix "ls -ln" which was not correctly showing numeric UID/GIDs but rather user and group names. - sshd(8): avoid possible NULL dereference if an allocation fails during config parsing. - All: fix ineffective guards against loading overly large public keys in several places. - sftp(1): ensure file descriptors used by sftp to communicate to its ssh(1) subprocess don't leak into executed subprocesses (e.g. via "!"). - Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness fix for large exponents. - sshd(8): remove duplicate sandbox entry for clock_gettime64. - Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness fixes. - Fix a number of memory leaks on error paths in the portability code. - Revise the README.privsep documentation to reflect sshd's recent switch to a multi-binary model. Checksums-Sha1: df9f47c0f27ac289f28a014382b376c751b36030 3651 openssh_10.4p1-1.dsc ae8650a71cc52dbbd049519cee276ae6d65c2c4d 2321796 openssh_10.4p1.orig.tar.gz 024bbb98d37dc35c31a49144770c6e38bfe53829 833 openssh_10.4p1.orig.tar.gz.asc eba70bbacbe02995f7eeec31a1dd96a7cd7a8058 208228 openssh_10.4p1-1.debian.tar.xz Checksums-Sha256: 878de8e50995ae6a2eaad52c829036729c48a57a104d9ba32d558fb82096ee5e 3651 openssh_10.4p1-1.dsc ef6026dd2aea8d56059638d5d3262902c892ceba9f88395835e0d06d3fb63238 2321796 openssh_10.4p1.orig.tar.gz 9206329419c45245913ae42fd290e2ed5b1669df97d9cf0d3e28c06b63035e51 833 openssh_10.4p1.orig.tar.gz.asc 5c5d2f7ee53bef6f96355eab24062b82f226ead501dc3f8630f75202f662ca1f 208228 openssh_10.4p1-1.debian.tar.xz Files: e89a2b713609f72642c98c6a454c45e1 3651 net standard openssh_10.4p1-1.dsc c5fb91ded926b38e8956074cac2cd44f 2321796 net standard openssh_10.4p1.orig.tar.gz 105ff131214dc93a4892488bc80b444a 833 net standard openssh_10.4p1.orig.tar.gz.asc c9d6a49c9f1d34a9b0358f3860a9f1b2 208228 net standard openssh_10.4p1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmpL+hEACgkQOTWH2X2G UAtBwBAAhHqb1L4vbgAc1c0LGWm+Ebx6zyCgxVhwa6kHyy/+L2NtUmPIpwSlmIdw TIbpnKfqVXgvvykMHqXQQOU8fWWt4Q715m4UGv6F0NgDNr7RKicND6DfIlDXdzCp dwNZFLkqLMIrn8+DzYoNcMN2nN1q62jQ+cVc4q13UvK4uUrxQSGrdAb6dr3zaoMR /Exj6aPD++Tf5JoOt+BDnqRln/hjhsqnN3NqJ1000PaRi4JzP0YmZOz1/40Ja0dm yQ6Xo6bg+hasGcMa4GYXdFXFqI6mVRGItZ1CZgCCG9kfvDtXnSzgCC3no7BgW0bU Iyt5EVlauSiEEePOnn+I9FK+PDmfL6n4CmV2/DM2btbpjFO9g3FjUGRADDA5H6Fo wE5cEmISiRKO28qjAFyNDpSDqzN1GDE9RKMCf/l5lZLetMl3/8rfkwDRD1L/A5qb 9tz1NyycIH4Qlpv7++WUXzFxLJyQptrGD6Fj6uPdC6mmCAeeo6yy6DwAm5NxtntG nD2CH8zzHxJ0oLY/6sM8cgEvNfuok6tCNdHeyLUpI8DZXi3tzJToH92yd7uzLt3m pMM/BY/t05GZ3HabhxOCJi7H/OOk1MwNaDtlJnG1AOkwuYXXUDmwbPGYvXiDjsC5 uJ9SE+LmTcrZ8a/ms24nuf38GPta4mLTDY5OHBUNk6Ixj707nRo= =LnvT -----END PGP SIGNATURE-----