Siideynta OpenSSH 9.6 waa la daabacay, hirgelinta furan ee macmiilka iyo serverka si loogu shaqeeyo isticmaalka SSH 2.0 iyo SFTP borotokoolka. Nooca cusub wuxuu hagaajinayaa saddex arrimood oo amniga ah:
- Nuglaanta nidaamka SSH (CVE-2023-48795, "Weerar Terrapin"), kaas oo u oggolaanaya weerarka MITM inuu dib u soo celiyo isku xirka si uu u isticmaalo algorithms-ka xaqiijinta oo yaraada oo uu joojiyo ilaalinta weerarrada kanaalka ee dib u soo celiya talooyinka iyadoo la falanqeynayo dib u dhaca. inta u dhaxaysa furayaasha kiiboodhka . Habka weerarka waxaa lagu sifeeyay maqaal wareed gaar ah.
- Nuglaanta utility ssh taas oo u ogolaanaysa beddelka amarrada qolofka aan sabab lahayn iyada oo la adeegsanayo maaraynta soo gelida iyo qiimayaasha martida loo yahay oo ka kooban jilayaal gaar ah. Nuglaanta waa laga faa'iidaysan karaa haddii weeraryahanku uu xakameeyo soo galida iyo magaca martida loo gudbiyo ssh, ProxyCommand iyo LocalCommand dardaaranka, ama blocks "match exec" oo ay ku jiraan xarfo calaamad ah sida %u iyo % h. Tusaale ahaan, galida khaldan iyo martigeliyaha waxaa lagu bedeli karaa nidaamyada isticmaala submodules gudaha Git, maadaama Git aanu mamnuucin in la qeexo jilayaasha gaarka ah ee martida loo yahay iyo magacyada isticmaalaha. Nuglaan la mid ah ayaa sidoo kale ka muuqda libssh.
- Waxaa jiray cilad ku jirta wakiilka ssh-ka halkaas oo, markii lagu daray PKCS#11 furayaasha gaarka ah, xaddidaadaha ayaa lagu dabaqay kaliya furaha ugu horreeya ee ay soo celisay calaamadda PKCS#11. Arrintu ma saamayso furayaasha gaarka ah ee caadiga ah, calaamadaha FIDO, ama furayaasha aan xadidnayn.
Isbeddellada kale:
- Waxaa lagu daray "%j" beddelka ssh, iyadoo lagu ballaarinayo magaca martida loo yahay ee lagu qeexay dardaaranka ProxyJump.
- ssh waxay ku dartay taageerada dejinta ChannelTimeout dhinaca macmiilka, kaas oo loo isticmaali karo joojinta kanaalada aan shaqaynayn.
- Taageero lagu daray akhrinta ED25519 furayaasha gaarka ah ee qaabka PEM PKCS8 ee ssh, sshd, ssh-add iyo ssh-keygen (horay kaliya qaabka OpenSSH ayaa la taageeray).
- Kordhinta borotokoolka ayaa lagu daray ssh iyo sshd si dib loogala xaajoodo algorithms-ka saxeexa dhijitaalka ah ee xaqiijinta furaha dadweynaha ka dib marka la helo magaca isticmaalaha. Tusaale ahaan, addoo isticmaalaya kordhinta, waxaad si xushmad leh u isticmaali kartaa algorithmsyada kale ee la xidhiidha isticmaalayaasha adiga oo ku qeexaya PubkeyAcceptedAlgorithms ee block "Isticmalaha Match".
- Waxaa lagu daray borotokoolka kordhinta ssh-add iyo ssh-wakiilka si loo dejiyo shahaadooyinka marka la soo shubayo furayaasha PKCS#11, taasoo u oggolaanaysa shahaadooyinka la xidhiidha furayaasha gaarka ah ee PKCS#11 in loo isticmaalo dhammaan adeegyada OpenSSH ee taageera ssh-wakiilka, ma aha oo keliya ssh.
- Ogaanshaha la wanaajiyay ee calamada isku xidhaha ee aan la taageerin ama deganayn sida "-fzero-call-used-regs" ee qabiilka.
- Si loo xaddido mudnaanta nidaamka sshd, noocyada OpenSolaris ee taageera is dhexgalka getpflags() waxay isticmaalaan qaabka PRIV_XPOLICY halkii ay ka ahaan lahaayeen PRIV_LIMIT.
Source: opennet.ru