-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 27 Dec 2016 18:01:46 +0000 Source: openssh Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source Version: 1:7.4p1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 147201 419574 765630 848089 848714 848715 848716 848717 Changes: openssh (1:7.4p1-1) unstable; urgency=medium . * New upstream release (http://www.openssh.com/txt/release-7.4): - ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. - sshd(8): When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, sshd will now refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced-command override the other could be a bit confusing and error-prone. - sshd(8): Remove the UseLogin configuration directive and support for having /bin/login manage login sessions. - CVE-2016-10009: ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS#11 module across the forwarded agent channel: PKCS#11 modules are shared libraries, so this would result in code execution on the system running the ssh-agent if the attacker has control of the forwarded agent-socket (on the host running the sshd server) and the ability to write to the filesystem of the host running ssh-agent (usually the host running the ssh client) (closes: #848714). - CVE-2016-10010: sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. This release refuses Unix-domain socket forwarding when privilege separation is disabled (Privilege separation has been enabled by default for 14 years) (closes: #848715). - CVE-2016-10011: sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users (closes: #848716). - CVE-2016-10012: sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first). This release removes support for pre-authentication compression from sshd(8) (closes: #848717). - SECURITY: sshd(8): Validate address ranges for AllowUser and DenyUsers directives at configuration load time and refuse to accept invalid ones. It was previously possible to specify invalid CIDR address ranges (e.g. user@127.1.2.3/55) and these would always match, possibly resulting in granting access where it was not intended. - ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the version in PuTTY by Simon Tatham. This allows a multiplexing client to communicate with the master process using a subset of the SSH packet and channels protocol over a Unix-domain socket, with the main process acting as a proxy that translates channel IDs, etc. This allows multiplexing mode to run on systems that lack file-descriptor passing (used by current multiplexing code) and potentially, in conjunction with Unix-domain socket forwarding, with the client and multiplexing master process on different machines. Multiplexing proxy mode may be invoked using "ssh -O proxy ...". - sshd(8): Add a sshd_config DisableForwarding option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future. Like the 'restrict' authorized_keys flag, this is intended to be a simple and future-proof way of restricting an account. - sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method. This is identical to the currently-supported method named "curve25519-sha256@libssh.org". - sshd(8): Improve handling of SIGHUP by checking to see if sshd is already daemonised at startup and skipping the call to daemon(3) if it is. This ensures that a SIGHUP restart of sshd(8) will retain the same process-ID as the initial execution. sshd(8) will also now unlink the PidFile prior to SIGHUP restart and re-create it after a successful restart, rather than leaving a stale file in the case of a configuration error. - sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives to appear in sshd_config Match blocks. - sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.) and a few more to provide access to the contents of the certificate being offered. - ssh(1): Allow IdentityFile to successfully load and use certificates that have no corresponding bare public key. - ssh(1): Fix public key authentication when multiple authentication is in use and publickey is not just the first method attempted. - ssh(1): Improve reporting when attempting to load keys from PKCS#11 tokens with fewer useless log messages and more detail in debug messages. - ssh(1): When tearing down ControlMaster connections, don't pollute stderr when LogLevel=quiet. - sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending sftp(1) to ensure that ssh(1) restores the terminal mode correctly if suspended during a password prompt. - ssh(1): Avoid busy-wait when ssh(1) is suspended during a password prompt (LP: #1646813). - ssh(1), sshd(8): Correctly report errors during sending of ext-info messages. - sshd(8): Fix NULL-deref crash if sshd(8) received an out-of-sequence NEWKEYS message. - sshd(8): Correct list of supported signature algorithms sent in the server-sig-algs extension. - sshd(8): Fix sending ext_info message if privsep is disabled. - sshd(8): More strictly enforce the expected ordering of privilege separation monitor calls used for authentication and allow them only when their respective authentication methods are enabled in the configuration. - sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for configuration examples. - On environments configured with Turkish locales, fall back to the C/POSIX locale to avoid errors in configuration parsing caused by that locale's unique handling of the letters 'i' and 'I' (LP: #1638338). - contrib: Add a gnome-ssh-askpass3 with GTK+3 support. - sshd(8): Improve PRNG reseeding across privilege separation and force libcrypto to obtain a high-quality seed before chroot or sandboxing. * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control". * Remove entries related to protocol 1 from the default sshd_config generated on new installations. * Remove some advice related to protocol 1 from README.Debian. * Start handling /etc/ssh/sshd_config using ucf. The immediate motivation for this is to deal with deprecations of options related to protocol 1, but something like this has been needed for a long time (closes: #419574, #848089): - sshd_config is now a slightly-patched version of upstream's, and only contains non-default settings (closes: #147201). - I've included as many historical md5sums of default versions of sshd_config as I could reconstruct from version control, but I'm sure I've missed some. - Explicitly synchronise the debconf database with the current configuration file state in openssh-server.config, to ensure that the PermitRootLogin setting is properly preserved. - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather than "yes", per upstream. * Remove redundant "GSSAPIDelegateCredentials no" from ssh_config (already the upstream default), and document that setting ServerAliveInterval to 300 by default if BatchMode is set is Debian-specific (closes: #765630). * Build gnome-ssh-askpass with GTK+ 3 (LP: #801187). * When running regression tests under autopkgtest, use a non-root user with passwordless sudo. Checksums-Sha1: c26aadec70b3c4babde0ce5f9e0a67977f94448d 2944 openssh_7.4p1-1.dsc 2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0 1511780 openssh_7.4p1.orig.tar.gz e2db107122dd929ac5f58654fbf9d574cc7410c6 154012 openssh_7.4p1-1.debian.tar.xz Checksums-Sha256: d352e9b3ab5db509ee02260cd5cf6be64cef6e991b8d0a33fc2e971d77a9c0d8 2944 openssh_7.4p1-1.dsc 1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 1511780 openssh_7.4p1.orig.tar.gz a910e0eab89f886a0144819a3298e70c5ba0aa1ab3e05d1ac130a9479dd96fa9 154012 openssh_7.4p1-1.debian.tar.xz Files: bed2f83755abfe6c92039c20a4fff05d 2944 net standard openssh_7.4p1-1.dsc b2db2a83caf66a208bb78d6d287cdaa3 1511780 net standard openssh_7.4p1.orig.tar.gz a3cd7786136599d77d174197db551595 154012 net standard openssh_7.4p1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Comment: Colin Watson <cjwatson@debian.org> -- Debian developer iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlhirNsACgkQOTWH2X2G UAtJCA/+J/650u/zsWJ010q2xXYZtikw5Ns/Fyqmi3j5qtYKno6gD3g5Vv18F2ZB A4wy64s1p6Zzx0GftxCRHEz0ITb3LEgbJLYXNrywFE2qsa9D/aQUAN1O7R12kTlf QviJ4tRxD8MZs4VRPvHr36BhHgzbT69IX7oHsAxrXIHVfhTw+tBJKTohVBOhy3fA IQd8A08Lyc8HJsvX5NJ7HAb+h9IxmDW2Cn/xX/rYLefFlkrIobGupfHPRnBFHxuQ +QD/C4gnQYIAE1GNTX89id2D6/kCUwY7V3JrALfHQkVB+gRhUv9yrqB+lQchwUf0 31Ac5O2Fiufsks8ImCOwCIn3eevvNJzs/paVlDU3MWlT/GkR+idguxsdsYAwl0yB OZ3t8IIIunJrWfPs90U8twHl0u8KgzxwhGBjiYV92dquLn/DuSoByeYGgPCfmdrd K9r4WbaisxeucQMHIf1kTkjqoQe1z8l/Osi9BBvxJugjXtQ9ef6DknKAliQ4EbpN +kAdQcwWCEBSBcf5d83qldIWk8yJypu1LfrO0YZQRRbXoDu838lQ8lCbhpMKWU/z g/s4OVGIG0WzsCqTES4JZFe9JzQ+Lev4aAtP3U7UIYO+3/Xtb9OCz9yZDK40PqX4 B4D41u703Edk+qnCZ/GqiA6DkVFDi0hhgLmAdfd2bFVTjv/3iQs= =sJWw -----END PGP SIGNATURE-----