A new version of OpenSSH has been released, fixing four security vulnerabilities and a number of non-security related bugs.
OpenSSH 7.0 includes patches for a use-after-free vulnerability and three other flaws, two of which only affect Portable OpenSSH. The maintainers of the software also gave users notice that the next version of the software would deprecate several old ciphersuites and cryptographic algorithms that are no longer considered safe.
One of the vulnerabilities patched in version 7.0 is an issue with the way OpenSSH handles some authentication requests.
“By specifying a long, repeating keyboard-interactive “devices” string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied,” the release notes say.
One of the bugs that affects only Portable OpenSSH is a use-after-free that could lead to remote code execution.
“Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution,” the advisory says.
The second vulnerability in Portable OpenSSH also could lead to remote code execution.
“Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users,” the advisory says.
In OpenSSH 7.1, the maintainers plan to remove a number of problematic cryptographic algorithms and ciphers. Among the changes to be made are:
* Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits)
* Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
* MD5-based HMAC algorithms will be disabled by default.
In the just-released version 7.0, there are a number of cryptographic changes, as well. The software disables 1024-bit diffie-hellman-group1-sha1 key exchange by default and also drops support for the old SSH version 1 protocol.
