Mastouille

0 message0 participant0 message aujourd’hui

RavenOpenSSH 10.0 released with hybrid post-quantum algorithm mlkem768x25519-sha256 as default key agreement, new cipher preference list, new options, bug fixes<a href="https://www.openssh.com/releasenotes.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.openssh.com/releasenotes.html</a><a href="https://mastodon.bsd.cafe/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openssh</a> <a href="https://mastodon.bsd.cafe/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.bsd.cafe/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://mastodon.bsd.cafe/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a> <a href="https://mastodon.bsd.cafe/tags/postquantumcryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#postquantumcryptography</a>

Agenda du LibreCourbevoie: Atelier SSH (Secure SHell), Le samedi 15 mars 2025 de 09h30 à 17h30. <a href="https://www.agendadulibre.org/events/31956" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.agendadulibre.org/events/31956</a> <a href="https://pouet.chapril.org/tags/logicielLibre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#logicielLibre</a> <a href="https://pouet.chapril.org/tags/libre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#libre</a> <a href="https://pouet.chapril.org/tags/starinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#starinux</a> <a href="https://pouet.chapril.org/tags/atelier" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#atelier</a> <a href="https://pouet.chapril.org/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a> <a href="https://pouet.chapril.org/tags/secureShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureShell</a>

ティージェーグレェI submitted a Pull Request to update MacPorts' OpenSSH to 9.9p2 here: <a href="https://github.com/macports/macports-ports/pull/27712" rel="nofollow noopener noreferrer" target="_blank">https://github.com/macports/macports-ports/pull/27712</a> GitHub Continuous Integration checks are running. Hopefully they will be OK (Update 2 out of 3 have completed successfully, which is a good sign). I tested locally without issues, but I also build against LibreSSL locally, whereas GitHub CI and MacPorts' Build Bots I think default to OpenSSL. This release is to address some vulnerabilities identified by Qualys and other less critical bugs. More details from upstream here: <a href="https://www.openssh.com/releasenotes.html#9.9p2" rel="nofollow noopener noreferrer" target="_blank">https://www.openssh.com/releasenotes.html#9.9p2</a> Of particular note: " Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2MSGPING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH." If I read everything correctly, these vulnerabilities primarily only impact the Portable OpenSSH releases (which is what MacPorts uses). However, OpenBSD has also issued the following errata to mitigate one of the issues as it also appears to impact OpenBSD users: "008: SECURITY FIX: February 18, 2025 All architectures sshd(8) denial of service relating to SSH2MSGPING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled. A source code patch exists which remedies this problem." Source code patch for OpenBSD here: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig" rel="nofollow noopener noreferrer" target="_blank">https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig</a> Having written as much, it appears as if the main OpenSSH version for OpenBSD is still 9.9, so I am not going to make a submission for undeadly.org Other editors reading this are welcome to though, I just kind of have a lot of other stuff on my plate at present. As usual, I also have too much going on in my life to want more responsibilities such as commit access within MacPorts, so it's up to someone else to merge it. <a href="https://snac.bsd.cafe?t=openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSH</a> <a href="https://snac.bsd.cafe?t=macports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacPorts</a> <a href="https://snac.bsd.cafe?t=secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecureShell</a> <a href="https://snac.bsd.cafe?t=infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://snac.bsd.cafe?t=cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://snac.bsd.cafe?t=security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://snac.bsd.cafe?t=cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://snac.bsd.cafe?t=patchtuesday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PatchTuesday</a> <a href="https://snac.bsd.cafe?t=opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://snac.bsd.cafe?t=openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenBSD</a>

RavenOpenSSH 9.9 has been released with support for a new hybrid post-quantum key exchange, new sshd_config options, bug fixes<a href="https://www.openssh.com/releasenotes.html#9.9p1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.openssh.com/releasenotes.html#9.9p1</a><a href="https://mastodon.bsd.cafe/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openssh</a> <a href="https://mastodon.bsd.cafe/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a> <a href="https://mastodon.bsd.cafe/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Peter N. M. HansteenOpenSSH 9.9 released! <a href="https://www.undeadly.org/cgi?action=article;sid=20240921181110" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20240921181110</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

Peter N. M. HansteenOpenSSH introduces options to penalize undesirable behavior <a href="https://www.undeadly.org/cgi?action=article;sid=20240607042157" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20240607042157</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openssh</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/persourcepenalties" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#persourcepenalties</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/adaptivepenalty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adaptivepenalty</a> <a href="https://mastodon.social/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a>

Peter N. M. Hansteensshd(8) split into multiple binaries <a href="https://www.undeadly.org/cgi?action=article;sid=20240517092416" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20240517092416</a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenBSD</a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a> <a href="https://mastodon.social/tags/sshd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sshd</a> <a href="https://mastodon.social/tags/sshd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sshd</a>-session <a href="https://mastodon.social/tags/privsep" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privsep</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a>

IT NewsSSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading - Enlarge (credit: BeeBright / Getty Images / iStockphoto) Infra... - <a href="https://arstechnica.com/?p=2024591" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/?p=2024591</a> <a href="https://schleuss.online/tags/uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#uncategorized</a> <a href="https://schleuss.online/tags/secureshell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secureshell</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://schleuss.online/tags/openssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openssh</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/ebury" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ebury</a> <a href="https://schleuss.online/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://schleuss.online/tags/ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a>

ティージェーグレェI submitted a PR to update MacPorts' OpenSSH to 9.6p1 here:<a href="https://github.com/macports/macports-ports/pull/21834" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/macports/macports-ports/pull/21834</a>CI checks passed. It's up to someone else with commit access to merge it.<a href="https://rap.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSH</a> <a href="https://rap.social/tags/MacPorts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacPorts</a> <a href="https://rap.social/tags/SecureShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecureShell</a> <a href="https://rap.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://rap.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://rap.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSH</a>

ITSec News deutschSchwache Secure-Shell-Schlüssel erhöhen die Wahrscheinlichkeit einer Schlüsselduplikation. GitHub und Azure DevOps haben sie inzwischen widerrufen. <a href="https://www.heise.de/news/Sicherheitsluecke-Axosoft-warnt-Azure-DevOps-und-GitHub-vor-schwachen-SSH-Keys-6215308.html" rel="nofollow noopener noreferrer" target="_blank">Sicherheitslücke: Axosoft warnt Azure DevOps und GitHub vor schwachen SSH-Keys</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#secureshell