07 February 2011, 12:08

OpenSSH 5.8 addresses legacy certificate signing vulnerability

Less than two weeks after OpenSSH 5.7 arrived, the OpenSSH development team has released version 5.8 / 5.8p1 of its open source SSH (Secure Shell) implementation. According to the developers, the latest update addresses a legacy certificate signing vulnerability, introduced in OpenSSH 5.6, which could lead to "leaking confidential information". Users who are unable to update to the latest release are advised to avoid generating legacy certificates using OpenSSH 5.6 or 5.7 – legacy certificates are requested by using the "-t" command line option of ssh-keygen.

A number of bugs have also been fixed in the portable version of OpenSSH. The developers ask that any further bugs found in the release are reported following the procedure outlined on the OpenSSL bug report page – security bugs should be reported directly to openssh@openssh.com. All users are advised to upgrade to the latest release.

More details about the release can be found in the release notes and in the official security advisory. OpenSSH 5.8 is available to download from one of the project's FTP mirrors. OpenSSH is made available under a BSD licence and is funded through donations.

(crve)

Permalink: http://h-online.com/-1184503