Copssh update - 6.1.0 (SECURITY)


Copssh version 6.1.0 comes with the latest versions of OpenSSH (7.6) and LibreSSL (2.5.5). We have also updated the Cygwin and GNU Tools to their latest available versions.

Security issue:

  • sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski.

Potentially-incompatible changes in OpenSSH:

This release includes a number of changes that may affect existing configurations:

  • ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation.
  • ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
  • ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST ciphers.
  • Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.
  • ssh(1): do not offer CBC ciphers by default.
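
To check an existing configuration against the removals listed above before upgrading, the following is an added example (not code from Copssh or OpenSSH). It scans sshd_config or ssh_config text for `Protocol 1` and for the removed cipher and MAC names; the function name `audit_config` and the sample configuration are constructed for illustration, and the algorithm names are the standard OpenSSH identifiers for the removed families.

```python
import re

# OpenSSH identifiers for the algorithms removed in 7.6 (see the list above).
REMOVED = {
    "ciphers": {"arcfour", "arcfour128", "arcfour256",
                "blowfish-cbc", "cast128-cbc"},
    "macs": {"hmac-ripemd160", "hmac-ripemd160@openssh.com",
             "hmac-ripemd160-etm@openssh.com"},
}

# Constructed sample input, not a real host's configuration.
SAMPLE = """\
# sshd_config carried over from an older install
Port 22
Protocol 2,1
Ciphers aes256-ctr,arcfour256,blowfish-cbc
MACs hmac-sha2-256,hmac-ripemd160@openssh.com
"""


def audit_config(text):
    """Return (line_number, message) for each directive affected by 7.6."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Treat everything after '#' as a comment (algorithm names never contain '#').
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keyword and argument are separated by whitespace or an optional '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip().strip('"')
        names = [n.strip() for n in value.lstrip("+-").split(",")]
        if keyword == "protocol" and "1" in names:
            findings.append((lineno, "Protocol 1 is no longer supported"))
        elif keyword in REMOVED:
            # A leading '+' or '-' edits the default list; the names still count.
            for name in names:
                if name in REMOVED[keyword]:
                    findings.append((lineno, f"{keyword}: {name} was removed"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_config(SAMPLE):
        print(f"line {lineno}: {message}")
```

CBC ciphers are deliberately not flagged: they are only dropped from the client's default offer, so an explicit `Ciphers` entry naming one is still accepted. After editing the server configuration, `sshd -t` checks that the file parses.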