|
|
Subscribe / Log in / New account

OpenSSH 8.0 released

OpenSSH 8.0 released

[Development] Posted Apr 18, 2019 13:11 UTC (Thu) by jake

OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem: "This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. This release adds client-side checking that the filenames sent from the server match the command-line request, The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead."

Full Story (comments: 30)


Copyright © 2019, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds