ssh-1.2.27 is out.

From: Jonas Eriksson (jeat_private)
Date: Fri May 14 1999 - 02:25:23 PDT

Next message: John Daniele: "TGAD DoS"

Previous message: Mike Arnold: "pIRCH32/98 Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ssh-1.2.27 is out, here is the changes since 1.2.26:

-cut-
Thu Apr 29 10:46:21 1999  Timo J. Rinne  <triat_private>

        * Replaced OSF1/C2 security support with more complete SIA
          (Security Integration Architecture).

Mon Feb 22 10:00:12 1999  Timo J. Rinne  <triat_private>

        * Added snprintf from ssh2.

        * Tatu's sprintf -> snprintf fixes.

        * Fixed potential buffer overflows.

        * Kerberos authentication disabled, if client is suid-root.
          This is the only way to avoid security problems that are
          in Kerberos rather than in ssh.

Wed Nov 25 00:04:11 1998  Tatu Ylonen  <yloat_private>

        * sshd.c (sgi_project_setup): patches from Luigi Pugnetti
          <luigiat_private>, Eivind Gjelseth <eivindat_private>,
          Randolph J. Herber <herberat_private>, Sevo Stille <sevoat_private>.

        * sshd.c (sgi_project_acct_on): patches from Vern Staats,
          staatsvrat_private

        * sshd.c (login_permitted): Added support for locked accounts on
          AIX.  Thanks to "Delius, Felix von"
          <Felix.von-Delius@dresdner-bank.com>.

        * login.c: Improvements for glibc 2.0.100+ from D.A. Harris
          <rodmurat_private>.

Tue Nov 24 23:27:20 1998  Tatu Ylonen  <yloat_private>

        * login.c: Removed assignment to ux.ut_exit.e_{termination,exit},
          because they are already zeroed and the assignment is causing
          problems on some platforms.

        * Fixed uninitialized variable err in sgi_project_setup (from
          Eivind Gjelseth <eivindat_private>).

        * ssh-agent.c: Fixed -D (from Ian Goldberg
<iangat_private>).

        * Fixed undefined __udiv_qrnnd bug on Solaris (reported by Karl
          Berry <karlat_private>).

        * Fixed a bug in idle timeouts (reported by "David
          M. Dandarnobody"@nowhere).

        * Fixed deattack.c on Cray (patch from Andreas Schott
          <schottat_private>).

        * Fixed x11 forwarding on SunOS 4.1.4 (gethostbyname bug, reported
          by Bradford Hull <bradat_private>.

        * Added snprintf from ssh2.  Changed most sprintfs to snprintf.

        * Fixed a hard-to-exploit security bug in Kerberos code.

        * Added length limitations in manu sprintfs.

Mon Jul 13 16:23:15 1998  Tero Kivinen  <kivinenat_private>

        * Removed extra ux.ut_syslen setting. Reported by Felix von
        Leitner <leitnerat_private>.

-cut-

-- Jonas Eriksson
   Sekure Security Research

Next message: John Daniele: "TGAD DoS"
Previous message: Mike Arnold: "pIRCH32/98 Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:01 PDT