Portable OpenSSH-2.5.2p2
Theo de Raadt
deraadt at cvs.openbsd.org
Fri Mar 23 02:11:50 EST 2001
This is wrong.
> Security related changes:
> Improved countermeasure against "Passive Analysis of SSH
> (Secure Shell) Traffic"
> http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
>
> The countermeasures introduced in earlier OpenSSH-2.5.x versions
> caused interoperability problems with some other implementations.
>
> Improved countermeasure against "SSH protocol 1.5 session
> key recovery vulnerability"
> http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
2.5.2 does not really fix security issues in his area; 2.5.1 already
had them fixed. However, it improves the interoperability problems
introduced in fixing them. Which were found because 2.5.1 was released
with fixes... they would not have been found otherwise..
More information about the openssh-unix-dev
mailing list