OpenSSH Releases v7.0 To Patch Security Issues

OpenSSH has released v7.0 of their popular SSH implementation. This version resolves 2 issues (1x use-after-free (defined) and 1x privilege separation weakness) in the portable version of OpenSSH and 2 further issues in the standard version.

Of the 2 remaining issues, one is a fix for the issue that I previously discussed regarding how keyboard-interactive logins can be misused to brute-force your password. The other could allow local attackers to write arbitrary messages to logged-in users.

This release also resolves the Logjam security issue by rejecting 1024-bit Diffie-Hellman key exchanges.
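One way to check a host for the 1024-bit Diffie-Hellman settings mentioned above, as an added example that is not part of the original post or of OpenSSH: it flags `diffie-hellman-group1-sha1` (the fixed 1024-bit group) in a KexAlgorithms list and counts short primes in a moduli(5) file used for group exchange. The sample algorithm list, the moduli lines and the 2048-bit floor are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit SSH key-exchange settings for 1024-bit Diffie-Hellman.
# All sample data is constructed; the modulus values are short placeholders.

# Constructed KexAlgorithms value. On a real host one way to obtain it is:
#   sshd -T | awk '$1 == "kexalgorithms" { print $2 }'
SAMPLE_KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# Print every algorithm in a comma-separated list that relies on the fixed
# 1024-bit group. Prints nothing when the list is clean.
weak_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '$0 == "diffie-hellman-group1-sha1"'
}

# Count group-exchange primes shorter than min_bits in a moduli(5) file.
# Field 5 is the size; shipped moduli files list it as bits minus one
# (2047 for a 2048-bit prime), hence the "+ 1".
small_moduli() {
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 + 1 < min { n++ } END { print n + 0 }' "$1"
}

# Write a constructed moduli file (real files live at /etc/ssh/moduli).
write_sample_moduli() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 C0FFEE01
20150101000001 2 6 100 1535 2 C0FFEE02
20150101000002 2 6 100 2047 2 C0FFEE03
20150101000003 2 6 100 4095 5 C0FFEE04
EOF
}

tmp=$(mktemp)
write_sample_moduli "$tmp"
echo "1024-bit fixed-group kex offered: $(weak_kex "$SAMPLE_KEX")"
echo "moduli below 2048 bits: $(small_moduli "$tmp" 2048)"
rm -f "$tmp"
```
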

You can install this update by using your Linux package manager to download the necessary files for your version of OpenSSH. Steps to do this for popular Linux distributions are provided on the “Protecting Your PC” page of this blog. Additionally, this FAQ (from the OpenBSD website) may be of assistance.

If you use OpenSSH, please install the appropriate update when you can. If OpenSSH is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.
