OpenSSH version 9.8 addresses a severe vulnerability in the sshd service.

Share it

The latest update from the OpenSSH project, version 9.8, has been unveiled and is now accessible for download from the official mirrors. This release specifically addresses a high-severity vulnerability (CVE-2024-6387) that was discovered in Portable OpenSSH versions 8.5p1 to 9.7p1.

One of the significant weaknesses that this update tackles is the potential for unauthorized execution of code with root privileges, primarily impacting 32-bit Linux systems equipped with ASLR.

Although there hasn’t been a demonstration of the exploit on 64-bit systems as of now, the risk factor remains, especially for systems lacking robust address space layout randomization (ASLR).

An essential fix in this version pertains to a logic flaw present in versions 9.5 through 9.7, which rendered the ObscureKeystrokeTiming feature ineffective. This particular vulnerability could enable passive eavesdroppers to intercept keystrokes, posing a significant threat, especially when confidential data like passwords are being entered.

As highlighted earlier this year, OpenSSH is set to discontinue support for the DSA signature algorithm by early 2025. In line with this, the current version has deactivated DSA keys by default due to their inherent vulnerabilities and outdated nature. Nevertheless, users still requiring DSA functionality can enable it by following specific build options outlined in the release notes.

Furthermore, OpenSSH 9.8 introduces a novel penalty mechanism within sshd that thwarts IPs displaying suspicious behaviors, including repetitive failed authentication attempts. This new feature is designed to fortify security measures and mitigate the risks associated with brute-force attacks.

Accompanying these security enhancements are various bug fixes across the suite of tools and a number of potentially incompatible alterations, such as the elimination of certain outdated features and modifications in server behavior.

Finally, the release pays close attention to system interoperability and build refinements aimed at ensuring broader compatibility with diverse systems and configurations. Notably, it bolsters the detection capabilities for OpenSSL setups and introduces adjustments to facilitate notifications for environments utilizing systemd.

To gain a comprehensive understanding of all modifications introduced in OpenSSH 9.8, refer to the detailed release announcement provided by the project.

Source: Linuxiac

🤞 Don’t miss these tips!

🤞 Don’t miss these tips!

Solverwp- WordPress Theme and Plugin