Copssh update - 6.1.0 (SECURITY)

Copssh version 6.1.0 comes with the latest versions of OpenSSH (7.6) and LibreSSL (2.5.5). We have also updated the Cygwin and GNU Tools to their latest available versions.

Security issue:

  • sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.

Potentially-incompatible changes in OpenSSH:

This release includes a number of changes that may affect existing configurations:

  • ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
  • ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
  • ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST ciphers.
  • Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.
  • ssh(1): do not offer CBC ciphers by default.
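
Before upgrading, existing `sshd_config` and `ssh_config` files can be checked for settings that touch the removed features. The script below is an added example, not code from Itefix or the OpenSSH project. The exact algorithm names in `REMOVED` are an assumption based on OpenSSH's standard names for the arcfour, blowfish, CAST and hmac-ripemd160 families, and the sample configuration is constructed.

```python
import re

# Assumption: OpenSSH's names for the algorithm families this release removes.
REMOVED = {
    "ciphers": {"arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc"},
    "macs": {"hmac-ripemd160", "hmac-ripemd160@openssh.com"},
}

def audit_config(text):
    """Return (line_no, keyword, value) for settings that touch removed features."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Keywords are case-insensitive; the value follows whitespace or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "protocol":
            if "1" in [v.strip() for v in value.split(",")]:
                findings.append((no, "protocol", "1"))
        elif key in REMOVED:
            if value.startswith("-"):
                continue  # a '-' list only subtracts from the defaults
            for name in value.lstrip("+").split(","):
                if name.strip() in REMOVED[key]:
                    findings.append((no, key, name.strip()))
    return findings

# Constructed sample input, not a real Copssh configuration.
SAMPLE = """\
# constructed sample
Port 22
Protocol 2,1
Ciphers aes256-ctr,arcfour256,blowfish-cbc
MACs=hmac-sha2-256,hmac-ripemd160
Ciphers -cast128-cbc
"""

if __name__ == "__main__":
    for no, key, value in audit_config(SAMPLE):
        print(f"line {no}: {key} uses removed value '{value}'")
```

CBC ciphers such as `aes256-cbc` are deliberately not flagged: the release stops offering them by default in ssh(1) but does not remove them.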