An buga sakin OpenSSH 9.3, buɗe aikace-aikacen abokin ciniki da sabar don aiki ta amfani da ka'idojin SSH 2.0 da SFTP. Sabuwar sigar tana gyara matsalolin tsaro:
- An gano kuskuren ma'ana a cikin ssh-add mai amfani saboda wanda, lokacin ƙara maɓallai don katunan wayo zuwa wakili na ssh, ƙuntatawa da aka ƙayyade ta amfani da zaɓin "ssh-add -h" ba a wuce ga wakili ba. A sakamakon haka, an ƙara maɓalli ga wakili, wanda ba a yi amfani da hani ba, yana ba da damar haɗi kawai daga wasu runduna.
- An gano wani rauni a cikin mai amfani na ssh wanda zai iya haifar da karanta bayanai daga wurin tari a waje da wurin da aka keɓe lokacin sarrafa abubuwan da aka tsara musamman na DNS, idan an kunna saitin VerifyHostKeyDNS a cikin fayil ɗin sanyi. Matsalar tana cikin ginannen aiwatar da aikin getrrsetbyname(), wanda ake amfani da shi a cikin nau'ikan OpenSSH mai ɗaukar hoto wanda aka haɗa ba tare da amfani da ɗakin karatu na ldns na waje ba (-with-ldns) kuma akan tsarin tare da daidaitattun ɗakunan karatu waɗanda basa goyan bayan sunan getrrsetby( ) kira. Yiwuwar yin amfani da raunin rauni, ban da fara ƙin sabis ga abokin ciniki na ssh, ana ƙididdige shi azaman mai yuwuwa.
Bugu da ƙari, zaku iya lura da lahani a cikin ɗakin karatu na libskey wanda aka haɗa a cikin OpenBSD, wanda ake amfani dashi a cikin OpenSSH. Matsalar tana nan tun 1997 kuma tana iya haifar da cikas lokacin da ake sarrafa sunayen da aka tsara na musamman. An lura cewa duk da cewa bayyanar rashin lafiyar za a iya farawa daga nesa ta hanyar OpenSSH, a aikace rashin lafiyar ba shi da amfani, tun da yake don bayyana kansa, sunan mai watsa shiri (/ sauransu / sunan mai masauki) dole ne ya ƙunshi fiye da Haruffa 126, kuma buffer na iya cika cikawa da haruffa tare da lambar sifili ('\0').
Canje-canje marasa tsaro sun haɗa da:
- Ƙara goyon baya ga ma'aunin "-Ohashalg=sha1|sha256" zuwa ssh-keygen da ssh-keyscan don zaɓar SSHFP nugget nuni algorithm.
- sshd ya kara wani zaɓi na "-G" don tantancewa da nuna tsarin aiki mai aiki ba tare da ƙoƙarin loda maɓallan sirri ba kuma ba tare da yin ƙarin bincike ba, wanda ke ba ku damar bincika saitin a matakin kafin ƙirƙirar maɓallin kuma gudanar da rajistan ta hanyar masu amfani marasa gata.
- sshd yana haɓaka keɓancewa akan dandamalin Linux ta hanyar amfani da seccomp da seccomp-bpf tsarin kiran tsarin tacewa. An ƙara tutoci don mmap, mahaukaci da futex zuwa jerin da aka yarda da kiran tsarin.
source: budenet.ru