Home / vulnerabilities openssh45.txt
Posted on 09 November 2006
Source : packetstormsecurity.org Link
OpenSSH 4.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.
T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
http://www.openbsd.org/tshirts.html and
http://www.openbsd.org/orders.html
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Changes since OpenSSH 4.4:
============================
This is a bugfix only release. No new features have been added.
Security bugs resolved in this release:
* Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities.
This release includes the following non-security fixes:
* Several compilation fixes for portable OpenSSH
* Fixes to Solaris SMF/process contract support (bugzilla #1255)
Thanks to everyone who has contributed patches, reported bugs and
tested releases.
Checksums:
==========
- SHA1 (openssh-4.5.tar.gz) = def3de1557181062d788695b9371d02635af39fb
- SHA1 (openssh-4.5p1.tar.gz) = 2eefcbbeb9e4fa16fa4500dec107d1a09d3d02d7
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.