OpenSSH 9.3 release with security fixes

The release of OpenSSH 9.3 has been announced, an open implementation of a client and server for working with the SSH 2.0 and SFTP protocols. The new version fixes the following security issues:

  • A logic error was found in the ssh-add utility: when adding smart-card keys to ssh-agent, the destination constraints specified with the "ssh-add -h" option were not passed to the agent. As a result, the key was added to the agent without the constraints that should have allowed connections only from specific hosts.
  • A vulnerability was identified in the ssh utility that could lead to reading data from the stack beyond the bounds of the allocated buffer when processing specially crafted DNS responses, if the VerifyHostKeyDNS option is enabled in the configuration file. The problem lies in the built-in implementation of the getrrsetbyname() function, which is used in portable OpenSSH builds compiled without the external ldns library (--with-ldns) and on systems whose standard libraries do not provide the getrrsetbyname() call. Exploitation beyond causing a denial of service in the ssh client is considered unlikely.

Separately, a vulnerability can be noted in the libskey library shipped with OpenBSD, which is used by OpenSSH. The problem has existed since 1997 and can cause a stack buffer overflow when processing specially crafted host names. It is noted that although the vulnerability can be triggered remotely via OpenSSH, in practice it is not useful: for it to manifest, the attacked host's name (/etc/hostname) must be longer than 126 characters, and the buffer can only be overflowed with zero bytes ('\0').

Non-security changes include:

  • Added support for the "-Ohashalg=sha1|sha256" parameter in ssh-keygen and ssh-keyscan to select the hash algorithm used when displaying SSHFP fingerprint records.
  • sshd gained the "-G" option, which parses and prints the effective configuration without attempting to load private keys and without performing additional checks. This allows the configuration to be validated before host keys are generated and lets unprivileged users run the check.
  • sshd's sandbox isolation on Linux was improved using the seccomp and seccomp-bpf system call filtering mechanisms. Flags for mmap, madvise and futex were added to the list of allowed system calls.
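The SSHFP records mentioned above (the -Ohashalg switch) are what VerifyHostKeyDNS compares a server's host key against. The following is an added example, not code from the OpenSSH project, that derives SSHFP records from an OpenSSH public-key line with both the SHA-1 and SHA-256 fingerprint types and checks a set of DNS answers against them; the key line it uses is a constructed sample, not a real host key.

```python
# Added example (not OpenSSH code): build SSHFP records (RFC 4255 / RFC 6594
# algorithm and fingerprint-type numbers) from an OpenSSH public-key line, as
# "ssh-keygen -r" does with -Ohashalg=sha1 or sha256, and verify DNS answers.
import base64
import hashlib
import struct

# SSHFP algorithm numbers for the OpenSSH key-type string
SSHFP_ALGORITHM = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                   "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                   "ssh-ed25519": 4}
# SSHFP fingerprint-type numbers, keyed by the name -Ohashalg= accepts
SSHFP_HASH = {"sha1": (1, hashlib.sha1), "sha256": (2, hashlib.sha256)}


def sshfp_record(pubkey_line, hashalg="sha256"):
    """Return (algorithm, fptype, hex_fingerprint) for a "type base64 [comment]" line."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob begins with the key type as an SSH string; it must match the text field.
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode() != keytype:
        raise ValueError("key type inside blob does not match the line")
    fptype, digest = SSHFP_HASH[hashalg]
    return SSHFP_ALGORITHM[keytype], fptype, digest(blob).hexdigest()


def sshfp_matches(pubkey_line, dns_records):
    """True if any (algorithm, fptype, hex) record from DNS matches the key.

    Records with an unknown fingerprint type are skipped, never trusted, so an
    unsupported type can never make verification succeed.
    """
    for alg, fptype, fp_hex in dns_records:
        for name, (num, _) in SSHFP_HASH.items():
            if num == fptype and (alg, fptype, fp_hex.lower()) == sshfp_record(pubkey_line, name):
                return True
    return False


def constructed_ed25519_line(pub=b"\x11" * 32):
    """Constructed sample (not a real host key): an ssh-ed25519 blob wrapping 32 bytes."""
    ssh_string = lambda b: struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(pub)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " example-host"


if __name__ == "__main__":
    line = constructed_ed25519_line()
    for alg in ("sha1", "sha256"):
        a, t, fp = sshfp_record(line, alg)
        print(f"example-host IN SSHFP {a} {t} {fp}")
```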

Source: opennet.ru
