OpenSSH 5.2 Secured and Tuned
Even though the OpenSSH project emphasizes that the focus of 5.2 is bug fixes to the 5.1 version, 5.2 does contain some notable enhancements.
Security-wise the new OpenSSH version replaces cipher block chaining (CBC) mode as the default cipher order with the Advanced Encryption Standard (AES) Counter (CTR) mode to remove the susceptibility to "Plaintext Recovery Attack Against SSH." The software also adds other countermeasures to these attacks, as reported in CPNI Vulnerability Advisory SSH 957037. Last November it became clear that many versions of OpenSSH exposed up to 32 bits of plaintext ciphertext to attackers when the default CBC mode was in use. The solution in 5.2 was to read the maximum supported packet length instead of terminating the connection, thereby eliminating the leaks that allowed the plaintext recovery attacks.
Compared to OpenSSH 5.1, the updated version provides further command line options and minor functional enhancements. For example, the ssh -y option redirects logging to syslog and dynamic port forwarding was improved. The release changelog includes the list of fixed bugs.
OpenSSH emanates from the OpenBSD project, where a separate team focuses on OpenSSH's portability to different systems. The mirrors with the portable versions also include diffs against the OpenBSD source.
Issue 266/2023
Buy this issue as a PDF
Subscribe to our Linux newsletters
News
-
Alpine Linux 3.17 Now Available to the General Public
The developers of Alpine Linux have officially announced the release of the latest version of the security-focused Linux distribution.
-
The New StarFighter Linux Laptop Now Available for Preorder
A new, completely customizable Linux laptop is now available to preorder from Star Labs.
-
Critical Escalation Vulnerability Found in the Linux Kernel
A new local privilege escalation vulnerability has been discovered in the Linux kernel and users are encouraged to upgrade/patch immediately.
-
AlmaLinux 8.7 Now Available
The developers of AlmaLinux have released the latest version of the OS, named Stone Smilodon, to the general public.
-
New Arch-Based Linux Distribution Aims to be Beginner-Friendly
CachyOS has been created to serve as a Linux distribution for everyone, even while being based on the more complex Arch Linux.
-
elementary OS 7 Getting Closer to Release
The team behind elementary OS has announced they are now focused on putting the finishing touches on the next major release of the Linux distribution.
-
Nitrux 2.5 Released with Kernel 6.0 and KDE Plasma 5.26
Nitrux 2.5 has been officially released and is the first systemd-free distribution to include both kernel 6.0 and KDE Plasma 5.26.
-
Zorin OS 16.02 Now Available
Zorin OS 16.2 has been officially released just seven months after the first point release of the user-friendly Linux operating system.
-
Linus Torvalds Considers Dropping i486 Support
In a message to the Linux kernel mailing list, creator Linus Torvalds indicates that it's time to jettison support for i486 machines in with Linux kernel.
-
Firefox 106 Lands with Back-Forward Swipe Gesture Support
The latest release of Firefox is out, and it adds two important new features to the open source browser.