openssh 1:6.9p1-1 source package in Ubuntu
Changelog
openssh (1:6.9p1-1) unstable; urgency=medium

  * New upstream release (http://www.openssh.com/txt/release-6.8):
    - sshd(8): UseDNS now defaults to 'no'. Configurations that match
      against the client host name (via sshd_config or authorized_keys) may
      need to re-enable it or convert to matching against addresses.
    - Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
      command-line flags to the other tools to control algorithm used for
      key fingerprints. The default changes from MD5 to SHA256 and format
      from hex to base64. Fingerprints now have the hash algorithm
      prepended. An example of the new format:
        SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
      Please note that visual host keys will also be different.
    - ssh(1), sshd(8): Experimental host key rotation support. Add a
      protocol extension for a server to inform a client of all its
      available host keys after authentication has completed. The client
      may record the keys in known_hosts, allowing it to upgrade to better
      host key algorithms and a server to gracefully rotate its keys. The
      client side of this is controlled by a UpdateHostkeys config option
      (default off).
    - ssh(1): Add a ssh_config HostbasedKeyType option to control which
      host public key types are tried during host-based authentication.
    - ssh(1), sshd(8): Fix connection-killing host key mismatch errors when
      sshd offers multiple ECDSA keys of different lengths.
    - ssh(1): When host name canonicalisation is enabled, try to parse host
      names as addresses before looking them up for canonicalisation. Fixes
      bz#2074 and avoids needless DNS lookups in some cases.
    - ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
      authentication.
    - sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
      Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA
      decryption.
    - sshd(8): Remember which public keys have been used for authentication
      and refuse to accept previously-used keys. This allows
      AuthenticationMethods=publickey,publickey to require that users
      authenticate using two _different_ public keys.
    - sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
      PubkeyAcceptedKeyTypes options to allow sshd to control what public
      key types will be accepted (closes: #481133). Currently defaults to
      all.
    - sshd(8): Don't count partial authentication success as a failure
      against MaxAuthTries.
    - ssh(1): Add RevokedHostKeys option for the client to allow text-file
      or KRL-based revocation of host keys.
    - ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by
      serial number or key ID without scoping to a particular CA.
    - ssh(1): Add a "Match canonical" criteria that allows ssh_config Match
      blocks to trigger only in the second config pass.
    - ssh(1): Add a -G option to ssh that causes it to parse its
      configuration and dump the result to stdout, similar to "sshd -T".
    - ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
    - ssh-keyscan(1): ssh-keyscan has been made much more robust against
      servers that hang or violate the SSH protocol (closes: #241119).
    - ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
      being lost as comment fields (closes: #787776).
    - ssh(1): Allow ssh_config Port options set in the second config parse
      phase to be applied (they were being ignored; closes: #774369).
    - ssh(1): Tweak config re-parsing with host canonicalisation - make the
      second pass through the config files always run when host name
      canonicalisation is enabled (and not whenever the host name changes)
    - ssh(1): Fix passing of wildcard forward bind addresses when
      connection multiplexing is in use.
    - ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
      formats.
    - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
  * New upstream release (http://www.openssh.com/txt/release-6.9):
    - CVE-2015-5352: ssh(1): When forwarding X11 connections with
      ForwardX11Trusted=no, connections made after ForwardX11Timeout
      expired could be permitted and no longer subject to XSECURITY
      restrictions because of an ineffective timeout check in ssh(1)
      coupled with "fail open" behaviour in the X11 server when clients
      attempted connections with expired credentials (closes: #790798).
      This problem was reported by Jann Horn.
    - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to
      password guessing by implementing an increasing failure delay,
      storing a salted hash of the password rather than the password itself
      and using a timing-safe comparison function for verifying unlock
      attempts. This problem was reported by Ryan Castellucci.
    - sshd(8): Support admin-specified arguments to AuthorizedKeysCommand
      (closes: #740494).
    - sshd(8): Add AuthorizedPrincipalsCommand that allows retrieving
      authorized principals information from a subprocess rather than a
      file.
    - ssh(1), ssh-add(1): Support PKCS#11 devices with external PIN entry
      devices.
    - ssh-keygen(1): Support "ssh-keygen -lF hostname" to search
      known_hosts and print key hashes rather than full keys.
    - ssh-agent(1): Add -D flag to leave ssh-agent in foreground without
      enabling debug mode.
    - ssh(1), sshd(8): Deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
      message and do not try to use it against some 3rd-party SSH
      implementations that use it (older PuTTY, WinSCP).
    - ssh(1), sshd(8): Cap DH-GEX group size at 4Kbits for Cisco
      implementations as some would fail when attempting to use group
      sizes >4K (closes: #740307, LP: #1287222).
    - ssh(1): Fix out-of-bound read in EscapeChar configuration option
      parsing.
    - sshd(8): Fix application of PermitTunnel, LoginGraceTime,
      AuthenticationMethods and StreamLocalBindMask options in Match
      blocks.
    - ssh(1), sshd(8): Improve disconnection message on TCP reset.
    - ssh(1): Remove failed remote forwards established by multiplexing
      from the list of active forwards.
    - sshd(8): Make parsing of authorized_keys "environment=" options
      independent of PermitUserEnv being enabled.
    - sshd(8): Fix post-auth crash with permitopen=none (closes: #778807).
    - ssh(1), ssh-add(1), ssh-keygen(1): Allow new-format private keys to
      be encrypted with AEAD ciphers.
    - ssh(1): Allow ListenAddress, Port and AddressFamily configuration
      options to appear in any order.
    - sshd(8): Check for and reject missing arguments for VersionAddendum
      and ForceCommand.
    - ssh(1), sshd(8): Don't treat unknown certificate extensions as fatal.
    - ssh-keygen(1): Make stdout and stderr output consistent.
    - ssh(1): Mention missing DISPLAY environment in debug log when X11
      forwarding requested.
    - sshd(8): Correctly record login when UseLogin is set.
    - sshd(8): Add some missing options to sshd -T output and fix output of
      VersionAddendum and HostCertificate.
    - Document and improve consistency of options that accept a "none"
      argument: TrustedUserCAKeys, RevokedKeys, AuthorizedPrincipalsFile.
    - ssh(1): Include remote username in debug output.
    - sshd(8): Avoid compatibility problem with some versions of Tera Term,
      which would crash when they received the hostkeys notification
      message (<email address hidden>).
    - sshd(8): Mention ssh-keygen -E as useful when comparing legacy MD5
      host key fingerprints.
    - ssh(1): Clarify pseudo-terminal request behaviour and make manual
      language consistent.
    - ssh(1): Document that the TERM environment variable is not subject to
      SendEnv and AcceptEnv; bz#2386
    - sshd(8): Format UsePAM setting when using sshd -T (closes: #767648).
    - moduli(5): Update DH-GEX moduli (closes: #787037).
  * There are some things I want to fix before upgrading to 7.0p1, though I
    intend to do that soon. In the meantime, backport some patches, mainly
    to fix security issues:
    - SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
      world-writable. Local attackers may be able to write arbitrary
      messages to logged-in users, including terminal escape sequences.
      Reported by Nikolay Edigaryev.
    - SECURITY: sshd(8): Fixed a privilege separation weakness related to
      PAM support. Attackers who could successfully compromise the
      pre-authentication process for remote code execution and who had
      valid credentials on the host could impersonate other users.
      Reported by Moritz Jodeit.
    - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support
      that was reachable by attackers who could compromise the
      pre-authentication process for remote code execution
      (closes: #795711). Also reported by Moritz Jodeit.
    - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using
      keyboard-interactive authentication (closes: #793616). By specifying
      a long, repeating keyboard-interactive "devices" string, an attacker
      could request the same authentication method be tried thousands of
      times in a single pass. The LoginGraceTime timeout in sshd(8) and any
      authentication failure delays implemented by the authentication
      mechanism itself were still applied. Found by Kingcope.
    - Let principals-command.sh work for noexec /var/run.
  * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
    GSSAPI key exchange patch.
  * Document the Debian-specific change to the default value of
    ForwardX11Trusted in ssh(1) (closes: #781469).

 -- Colin Watson <email address hidden>  Thu, 20 Aug 2015 10:38:58 +0100
Upload details
- Uploaded by: Debian OpenSSH Maintainers
- Uploaded to: Sid
- Original maintainer: Debian OpenSSH Maintainers
- Architectures: any all
- Section: net
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssh_6.9p1-1.dsc | 2.7 KiB | 74d1a4ab5d34d49a1342e1aa33f66072c35a2ced2d1dcf730dc8791e51eb6a67 |
openssh_6.9p1.orig.tar.gz | 1.4 MiB | 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe |
openssh_6.9p1-1.debian.tar.xz | 148.5 KiB | 60f1ad506db206af12746adbe2e8f0b089f12062f4ae48ae1d7557dda431e72b |
Available diffs
No changes file available.
Binary packages built by this source
- openssh-client
- openssh-client-dbgsym
- openssh-client-udeb
- openssh-client-udeb-dbgsym
- openssh-server
- openssh-server-dbgsym
- openssh-server-udeb
- openssh-server-udeb-dbgsym
- openssh-sftp-server
- openssh-sftp-server-dbgsym
- ssh
- ssh-askpass-gnome
- ssh-askpass-gnome-dbgsym
- ssh-krb5

No summary or description is available for any of these packages in ubuntu wily.