OpenSSH 5.8/5.8p1 released February 4, 2011

Discussion in 'General Discussion' started by crazyaboutlinux, Mar 9, 2011.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    OpenSSH 5.8/5.8p1 released February 4, 2011

    OpenSSH 5.8 has just been released. It will be available from the
    mirrors listed at OpenSSH shortly.

    OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
    implementation and includes sftp client and server support.

    Once again, we would like to thank the OpenSSH community for their
    continued support of the project, especially those who contributed
    code or patches, reported bugs, tested snapshots or donated to the
    project. More information on donations may be found at:
    Donations to OpenSSH

    Changes since OpenSSH 5.7
    =========================

    Security:

    * Fix vulnerability in legacy certificate signing introduced in
    OpenSSH-5.6 and found by Mateusz Kocielski.

    Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
    the stack in place of a random nonce field. The contents of the stack
    do not appear to contain private data at this point, but this cannot
    be stated with certainty for all platform, library and compiler
    combinations. In particular, there exists a risk that some bytes from
    the privileged CA key may be accidentally included.

    A full advisory for this issue is available at:
    http://www.openssh.com/txt/legacy-cert.adv

    Portable OpenSSH Bugfixes:

    * Fix compilation failure when enabling SELinux support.

    * Do not attempt to call SELinux functions when SELinux is disabled.
    bz#1851

    Checksums:
    ==========

    - SHA1 (openssh-5.8.tar.gz) = 205dece2c8b41c69b082eb65320d359987aae25b
    - SHA1 (openssh-5.8p1.tar.gz) = adebb2faa9aba2a3a3c8b401b2b19677ab53f0de

    Reporting Bugs:
    ===============

    - Please read OpenSSH Problem Reports
    Security bugs should be reported directly to openssh@openssh.com

    OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
    Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
    Ben Lindstrom.
     
  2. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    current is
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I'm not sure why this is a cPanel&WHM feature request. OpenSSH is maintained by your operating system vendor, not cPanel. I recommend contacting your OS vendor for updates.
     
  4. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Is there any easy way to update it?
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Your OS Vendor likely already backported any security fixes but you may want to confirm. Any updates from your OS Vendor for OpenSSH are automatically retrieved and installed on your server when cPanel&WHM triggers OS updates. This is all done by default, but be mindful this is an option you can disable in the update settings in WHM.
     
  6. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Hello. Same here:

    Code:
    [root /]# ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    
    But according to yum, there is no need to upgrade those packages. I'm running on CentOS 4.9.
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Since this thread is about operating system functionality rather than a feature request for cPanel&WHM, I am going to move this to the cPanel&WHM discussions forum.
     
  8. Kent Brockman

    Kent Brockman Well-Known Member

    Fine. Then I repeat my question from post #6. Can we assume that the last available updated package is actually from 2003?
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    You would need to contact your Operating System vendor (CentOS in your case) for a detailed response if my summary response in post #5 is insufficiently explaining things for you.
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The package itself is from 2003, but it has patches in that package that include updates for security issues. To see the patches to the rpm, you can run the following command:

    Code:
    rpm -q --changelog openssl

    There are many prior threads about this issue, including the following:

    http://forums.cpanel.net/f5/whats-take-update-openssh-5-1-higher-170818.html#post708730
    http://forums.cpanel.net/f185/pci-scan-openssl-upgrade-173661.html#post726521
    http://forums.cpanel.net/f185/how-can-i-tell-if-my-cpanel-ssh-patched-162782.html#post681377
    http://forums.cpanel.net/f185/updating-openssl-145781.html#post619877

    The above are the ones just from this year where this exact same topic has been discussed.
     
  11. Kent Brockman

    Kent Brockman Well-Known Member

    Thank you guys. I don't feel comfy messing around with openssh, as it is a remote VPS and I don't want to risk losing control or access if it is not sure or safe. The changelog obtained via rpm indicates all the patches till 2010, so may I assume they are indeed applied?
     
  12. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Me too, I also don't want to take any risk.
     
  13. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If a patch is listed, it is applied. It wouldn't be noted in the changelog otherwise. That is the purpose of the changelog.
     
  14. Kent Brockman

    Kent Brockman Well-Known Member

    Glad to know that ;)
    I thought that the published version number in the console command was indeed the actually installed version, without any other patch.
     
  15. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The version doesn't change when something has been patched for rpms. The patches are in the changelog. A new version would indicate the already existing patches for security + additional coding changes.
     
  16. Kent Brockman

    Kent Brockman Well-Known Member

    Great. Thank you for the explanation :)
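
The check discussed in posts #10 to #15 (a backported fix appears in the package changelog while `ssh -V` keeps reporting the old version), as an added example that no participant in this thread posted. The changelog entries and the CVE-0000-000N ids are constructed placeholders, and `cve_in_changelog` and `list_cves` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. The changelog text and the CVE-0000-000N ids below are
# constructed placeholders, not real advisories or real package history.

# Constructed stand-in for the output of: rpm -q --changelog <package>
sample_changelog() {
cat <<'EOF'
* Mon Mar 01 2010 Example Packager <packager@example.invalid> 3.9p1-11
- backport fix for CVE-0000-0002

* Tue Aug 11 2009 Example Packager <packager@example.invalid> 3.9p1-10
- fix a crash in option parsing
- backport fix for CVE-0000-0001
EOF
}

# Read changelog text on stdin; print the header ("* date packager
# version-release") of every entry that mentions the CVE id given as $1.
# The id must match a whole token, so a shorter id never matches a longer one.
# Exit status is 0 if at least one entry mentions it, 1 otherwise.
cve_in_changelog() {
    awk -v cve="$1" '
        /^\* / { header = $0; next }
        {
            n = split($0, tok, /[^A-Za-z0-9-]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == cve && header != last) {
                    print header; last = header; found = 1
                }
        }
        END { exit !found }
    '
}

# Read changelog text on stdin; print each distinct CVE id it mentions.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# On a real server, pipe the package's own changelog in instead, e.g.
#   rpm -q --changelog openssh | cve_in_changelog <CVE id from the advisory>
sample_changelog | cve_in_changelog CVE-0000-0001
```

The version-release at the end of each printed header is the package build that first carried the fix, which can be compared with the installed build reported by `rpm -q`.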
     