OpenSSH 5.9 arrives
The OpenSSH development team has announced the release of version 5.9 of its open source SSH (Secure Shell) implementation. Compared to the OpenSSH 5.8 release from 7 months ago, which was primarily a security update, the latest update brings a wider variety of changes, among them new SHA256-based HMAC (Hash-based Message Authentication Code) transport integrity modes.
To prevent a compromised privsep (privilege separation) child from being used to attack other hosts, sandboxing has been introduced through an optional mode that enables mandatory restrictions on the system calls (syscalls) which the privsep child can perform. The developers note that the sandboxing of the privsep child process is "currently experimental but should become the default in a future release".
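An added example, not part of the original article and not OpenSSH's own code: a small Python check of whether an `sshd_config` opts into the two features described above. The keyword `UsePrivilegeSeparation sandbox` and the MAC names `hmac-sha2-256` and `hmac-sha2-512` come from the OpenSSH 5.9 release notes rather than from this article; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real host).
SAMPLE = """\
# constructed sample
Port 22
UsePrivilegeSeparation=sandbox
usePrivilegeSeparation yes
MACs hmac-sha2-512,hmac-sha2-256,hmac-md5
X11Forwarding yes
Match User backup
    X11Forwarding no
"""

SHA2_MACS = {"hmac-sha2-256", "hmac-sha2-512"}


def global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and '=' may separate keyword and value.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # conditional blocks follow; the global section is over
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(config_text):
    """Report the privsep sandbox mode and the configured MAC list."""
    s = global_settings(config_text)
    macs = s.get("macs")  # None means the build's default MAC list applies
    mac_list = [m.strip() for m in macs.split(",")] if macs else []
    return {
        "privsep_sandbox": s.get("useprivilegeseparation", "").lower() == "sandbox",
        "macs_pinned": macs is not None,
        "sha2_macs": sorted(SHA2_MACS.intersection(mac_list)),
        "other_macs": [m for m in mac_list if not m.startswith("hmac-sha2-")],
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser reads only the global section, so settings inside `Match` blocks are ignored; `sshd -T` on the host itself reports the effective values.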
Key comments are now retained when loading v.2 keys, and warning messages are displayed when a server refuses X11 forwarding. The portable version of OpenSSH has also received a number of bug fixes.
More details about the update, including a full list of changes and bug fixes, can be found in the release notes. OpenSSH 5.9 is available to download from the project's FTP mirrors. Released under the BSD licence, OpenSSH is developed by the OpenBSD project and funded by donations.