OpenSSH 4.5 available
The new version 4.5 of the open source SSH implementation OpenSSH is a bugfix only release and removes one single security related flaw. Specifically, it fixes a vulnerability in the privilege separation monitor that can lead to problems in the recognition of valid authentication attempts. The developers offered no more specific details in the release notes. Privilege separation serves to increase security in server services. A privileged parent process creates an unprivileged child process when needed and then monitors its work. Defined interfaces called sockets allow the child process to delegate specific operations back to the parent, such as authentication. Two non-security related flaws were also removed. These affect portability and compatibility with Solaris.
- Changes since OpenSSH 4.4:, release notes from OpenSSH