Home » Mailing list archives » openbsd-announce » 2002 » June » 26

OpenSSH 3.4 released

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Markus Friedl
Subject: OpenSSH 3.4 released
Date: Wednesday, June 26, 2002 - 7:40 am

OpenSSH 3.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.3:
============================ 

Security Changes:
=================

  All versions of OpenSSH's sshd between 2.9.9 and 3.3
  contain an input validation error that can result in
  an integer overflow and privilege escalation.

  OpenSSH 3.4 fixes this bug.

  In addition, OpenSSH 3.4 adds many checks to detect 
  invalid input and mitigate resource exhaustion attacks.

  OpenSSH 3.2 and later prevent privilege escalation
  if UsePrivilegeSeparation is enabled in sshd_config.
  OpenSSH 3.3 enables UsePrivilegeSeparation by
  default.


Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
sparc64 flag day, Theo de Raadt, (Tue Mar 26, 10:42 am)
OpenSSH 3.2.3 released, Markus Friedl, (Thu May 23, 1:08 am)
OpenSSH 3.4 released, Markus Friedl, (Wed Jun 26, 7:40 am)
OpenBSD 3.1 End Of Life, Miod Vallat, (Thu Apr 17, 6:25 am)
OpenSSH 3.7 released, Markus Friedl, (Tue Sep 16, 5:06 am)
OpenBGPD 3.6 released, Henning Brauer, (Mon Nov 8, 9:08 am)
OpenBSD 4.3 released May 1, 2008, Theo de Raadt, (Wed Apr 30, 3:00 pm)