OpenSSH 8.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Security ======== * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program. * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).
Gentoo allows usage of XMSS key type since commit fe902146e84a9b2beb8c1748d7735e5b38928e75 via USE flag "xmss" which is disabled by default.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0148cb4b99350b09cc7eaa229ad42d4b6009d0e9 commit 0148cb4b99350b09cc7eaa229ad42d4b6009d0e9 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-09 16:17:12 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-09 16:17:29 +0000 net-misc/openssh: fix integer overflows - Fix integer overflow in XMSS private key parsing - Fix an unreachable integer overflow similar to the XMSS case - Fix putty tests Closes: https://bugs.gentoo.org/493866 Bug: https://bugs.gentoo.org/697046 Package-Manager: Portage-2.3.76, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/openssh/Manifest | 1 + ...integer-overflow-similar-to-the-XMSS-case.patch | 76 ++++ ...eger-overflow-in-XMSS-private-key-parsing.patch | 14 + .../files/openssh-8.0_p1-fix-putty-tests.patch | 57 +++ net-misc/openssh/openssh-8.0_p1-r4.ebuild | 467 +++++++++++++++++++++ 5 files changed, 615 insertions(+)
We will move stable keywords shortly.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c16aa18318891f1224dba19390ae85e22bde6f0 commit 4c16aa18318891f1224dba19390ae85e22bde6f0 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-09 20:39:25 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-09 20:39:43 +0000 net-misc/openssh: security cleanup Bug: https://bugs.gentoo.org/697046 Package-Manager: Portage-2.3.76, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/openssh/Manifest | 1 - net-misc/openssh/openssh-8.0_p1-r3.ebuild | 463 ------------------------------ 2 files changed, 464 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a48f47227819cfb092a2579f6c4ba50a5dedcf commit 16a48f47227819cfb092a2579f6c4ba50a5dedcf Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-09 20:38:39 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-09 20:39:42 +0000 net-misc/openssh: move stable keywords Bug: https://bugs.gentoo.org/697046 Package-Manager: Portage-2.3.76, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/openssh/openssh-8.0_p1-r4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 201911-01 at https://security.gentoo.org/glsa/201911-01 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=564f650e05897641af79a977599733c16dab7883 commit 564f650e05897641af79a977599733c16dab7883 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-21 11:29:28 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-21 11:29:49 +0000 net-misc/openssh: security cleanup Bug: https://bugs.gentoo.org/675522 Bug: https://bugs.gentoo.org/697046 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-misc/openssh/Manifest | 19 - .../files/openssh-7.3-mips-seccomp-n32.patch | 21 - .../files/openssh-7.5_p1-CVE-2017-15906.patch | 31 -- .../openssh/files/openssh-7.5_p1-GSSAPI-dns.patch | 351 ---------------- .../openssh/files/openssh-7.5_p1-cross-cache.patch | 39 -- .../files/openssh-7.5_p1-hpn-x509-10.2-glue.patch | 67 --- .../files/openssh-7.5_p1-s390-seccomp.patch | 27 -- .../openssh/files/openssh-7.5_p1-x32-typo.patch | 25 -- .../openssh/files/openssh-7.7_p1-GSSAPI-dns.patch | 351 ---------------- .../openssh/files/openssh-7.8_p1-GSSAPI-dns.patch | 359 ---------------- .../files/openssh-7.9_p1-CVE-2018-20685.patch | 16 - .../files/openssh-7.9_p1-X509-11.6-tests.patch | 12 - ...openssh-7.9_p1-X509-dont-make-piddir-11.6.patch | 16 - .../files/openssh-7.9_p1-X509-glue-11.6.patch | 28 -- .../files/openssh-7.9_p1-hpn-X509-glue.patch | 79 ---- .../openssh/files/openssh-7.9_p1-hpn-glue.patch | 112 ----- .../files/openssh-7.9_p1-hpn-openssl-1.1.patch | 91 ---- .../files/openssh-7.9_p1-hpn-sctp-glue.patch | 17 - .../openssh-7.9_p1-openssl-1.0.2-compat.patch | 13 - .../openssh/files/openssh-8.0_p1-GSSAPI-dns.patch | 359 ---------------- .../files/openssh-8.0_p1-X509-12.1-tests.patch | 11 - ...integer-overflow-similar-to-the-XMSS-case.patch | 76 ---- ...eger-overflow-in-XMSS-private-key-parsing.patch | 14 - .../files/openssh-8.0_p1-hpn-X509-glue.patch | 114 ----- .../openssh/files/openssh-8.0_p1-hpn-glue.patch | 194 --------- net-misc/openssh/files/openssh-8.0_p1-tests.patch | 43 -- net-misc/openssh/metadata.xml | 2 - net-misc/openssh/openssh-7.5_p1-r5.ebuild | 335 --------------- net-misc/openssh/openssh-7.7_p1-r10.ebuild | 445 -------------------- net-misc/openssh/openssh-7.9_p1-r5.ebuild | 468 --------------------- net-misc/openssh/openssh-8.0_p1-r5.ebuild | 465 -------------------- 31 files changed, 4200 deletions(-)
All done.