Portable OpenSSH-2.5.2p2

Theo de Raadt deraadt at cvs.openbsd.org
Fri Mar 23 02:11:50 EST 2001

This is wrong.

> Security related changes:
> 	Improved countermeasure against "Passive Analysis of SSH
> 	(Secure Shell) Traffic"
> 	http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt
> 	The countermeasures introduced in earlier OpenSSH-2.5.x versions
> 	caused interoperability problems with some other implementations.
> 	Improved countermeasure against "SSH protocol 1.5 session
> 	key recovery vulnerability"
> 	http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm

2.5.2 does not really fix security issues in his area; 2.5.1 already
had them fixed.  However, it improves the interoperability problems
introduced in fixing them.  Which were found because 2.5.1 was released
with fixes... they would not have been found otherwise..

More information about the openssh-unix-dev mailing list