Decription: OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at www.openssh.com shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time.
This is primarily a bugfix release.
- Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8).
- Mitigate timing differences in password authentication
- Fix observable timing weakness in the CBC padding oracle countermeasures
- Improve operation ordering of MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
- Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through a one or more SSH bastions or "jump hosts".
- Add an IdentityAgent option to allow specifying specific agent sockets instead of accepting one from the environment.
- Allow ExitOnForwardFailure and ClearAllForwardings to be optionally overridden when using ssh -W. bz#2577
- Implement support for the IUTF8 terminal mode as per draft-sgtatham-secsh-iutf8-00.
- Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
- support SHA256 and SHA512 RSA signatures in certificates;
- Add an Include directive for ssh_config(5) files.
- Permit UTF-8 characters in pre-authentication banners sent from the server.
Recommended action: Upgrade openssh to the latest version.