Home » Mailing list archives » openbsd-announce » 2008 » April » 3

Announce: OpenSSH 5.0 released

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Damien Miller <djm@...>
To: <announce@...>
Subject: Announce: OpenSSH 5.0 released
Date: Thursday, April 3, 2008 - 6:48 am

OpenSSH 5.0 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.


We apologise for any inconvenience resulting from this release

being made so shortly after 4.9. Unfortunately we only learned of

the below security issue from the public CVE report. The Debian

OpenSSH maintainers responsible for handling the initial report of

this bug failed to report it via either the private OpenSSH security

contact list (openssh@openssh.com) or the portable OpenSSH Bugzilla

(http://bugzilla.mindrot.org/).


We ask anyone wishing to report security bugs in OpenSSH to please use

the openssh@openssh.com contact and to practice responsible disclosure.


OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.


Once again, we would like to thank the OpenSSH community for their

continued support of the project, especially those who contributed

code or patches, reported bugs, tested snapshots and purchased

T-shirts or posters.


T-shirt, poster and CD sales directly support the project. Pictures

and more information can be found at:

        http://www.openbsd.org/tshirts.html and

	http://www.openbsd.org/orders.html


For international orders use http://https.openbsd.org/cgi-bin/order

and for European orders, use http://https.openbsd.org/cgi-bin/order.eu


Changes since OpenSSH 4.9:

============================


Security:


 * CVE-2008-1483: Avoid possible hijacking of X11-forwarded connections

   by refusing to listen on a port unless all address families bind

   successfully.


Checksums:

==========


 - SHA1 (openssh-5.0.tar.gz) = 729fb3168edf6a68408223b5ed82e59d13b57c47

 - SHA1 (openssh-5.0p1.tar.gz) = 121cea3a730c0b0353334b6f46f438de30ab4928


Reporting Bugs:

===============


- please read http://www.openssh.com/report.html

  and http://bugzilla.mindrot.org/


OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,

Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and

Ben Lindstrom.
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
OpenBSD 3.6 pre-orders are activated, Todd C. Miller, (Thu Aug 26, 6:38 pm)
OpenBSD 3.4 End Of Life, Robert Nagy, (Sat Oct 30, 7:35 pm)
Announce: OpenSSH 4.3 released, Damien Miller, (Wed Feb 1, 8:30 am)
Announce: OpenSSH 4.5 released, Damien Miller, (Tue Nov 7, 2:40 pm)
Revised: OpenSSH security advisory: cbc.adv, Damien Miller, (Sun Nov 23, 5:58 pm)
Announce: OpenSSH 5.0 released, Damien Miller, (Thu Apr 3, 6:48 am)
OpenBSD 4.2 released Nov 1, 2007, Theo de Raadt, (Wed Oct 31, 10:16 pm)
OpenSSH Security Advisory (adv.channelalloc), Markus Friedl, (Thu Mar 7, 7:56 am)
4.6-stable ports, William Yodlowsky, (Wed Oct 21, 11:05 pm)
OpenBSD 3.1 Released!, Todd C. Miller, (Sun May 19, 5:03 pm)
Upcoming OpenSSH vulnerability, Theo de Raadt, (Mon Jun 24, 5:00 pm)
OpenSSH 3.6.1 released, Markus Friedl, (Tue Apr 1, 4:21 pm)
BSDCon Wiki Site, Nik Clayton, (Wed Sep 3, 2:21 pm)