Submitted by itefix on Wed, 22/03/2017 - 00:21
Copssh version 5.9.0 bundle contains latest versions of OpenSSH (7.5p1), OpenSSL (1.0.1k), Cygwin and GNU tools. Installers use now quoted service executable paths to avoid potential misuse of unquoted path vulnerabilities.
OpenSSH Security fixes:
- ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by default, sshd offers them as lowest-preference options and will remove them by default entriely in the next release. Reported by Jean Paul Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of Royal Holloway, University of London.
- sftp-client(1): [portable OpenSSH only] On Cygwin, a client making a recursive file transfer could be maniuplated by a hostile server to perform a path-traversal attack. creating or modifying files outside of the intended target directory. Reported by Jann Horn of Google Project Zero.
OpenSSL Security fixes:
- Truncated packet could crash via OOB read (CVE-2017-3731)
- BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
- Montgomery multiplication may produce incorrect results (CVE-2016-7055)