HP-UX Secure Shell A.04.40.006 and A.04.40.007 Release Notes
Defects Fixed in OpenSSH 4.4p1
The following important defect fixes in OpenSSH 4.4p1 are included in
HP-UX Secure Shell A.04.40.006 and A.04.40.007:
• Fixed a pre-authentication denial of service that caused the sshd
daemon to spin until the login grace time expired.
• Fixed an unsafe signal handler that can be exploited to perform a
pre-authentication denial of service.
• Fixed a Generic Security Services Application Programming
Interface (GSSAPI) authentication abort that can be used to
determine the validity of usernames on some platforms.
• Fixed inconsistent pointer checks reported by the Stanford SATURN
tool.
• Fixed memory and file descriptor leaks reported by the Coverity
static analysis tool.
Table 2 lists the additional defects fixed in OpenSSH 4.4p1 that apply to
HP-UX Secure Shell Versions A.04.40.006 and A.04.40.007.
Table 2 Additional Defects Fixed in OpenSSH 4.4p1

Bugzilla #       Defect Description
Bugzilla #906    The syslog messages from sshd are lost.
Bugzilla #975    Kerberos authentication timing can leak information about account validity.
Bugzilla #1129   The sshd daemon hangs for command-only invocations because of fork or child signals.
Bugzilla #1138   Passphrase asked for but ignored if key file permissions are too liberal.
Bugzilla #1156   The ssh-keygen tool does not handle DOS line breaks.
Bugzilla #1159   The %u, %h, and %% options are not accepted inside IdentityFile.