LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Three short stories, all about Android

LWN.net Weekly Edition for February 4, 2010

Samba with Active Directory: getting closer

Security in the 20-teens

LWN.net Weekly Edition for January 28, 2010

Printable page
Archives Kernel Security Distributions Search
Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

OpenSSH 5.2 released

[Posted February 23, 2009 by jake]

OpenSSH 5.2 released
[Security] Posted Feb 23, 2009 17:10 UTC (Mon) by jake

OpenSSH 5.2 has been released with a focus on bug fixes. In particular, it addresses the plaintext recovery attack described in CPNI-957037 (which LWN covered last November). "This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes." Click below for the full release announcement.

Full Story (comments: none)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds