ANNOUNCE: LSH-2.0.1, fix for denial of service bug
Niels Möller
nisse at lysator.liu.se
Wed Mar 16 21:53:23 CET 2005
This is a bugfix release, which is fairly important since it fixes a
denial of service bug in lshd (and also in lsh, but that's probably of
less importance).
News for the 2.0.1 release
Fixed denial of service bug in lshd.
Fixed a bug in lsh-make-seed, which could make the program go
into an infinite loop on read errors.
lsh now asks for passwords also in quite (-q) mode, as
described in the manual.
Control character filtering used to sometimes consider newline
as a dangerous control character. Now newlines should be
displayed normally.
Removed support for the non-standard alias
"diffie-hellman-group2-sha1". The standardized name is for
this key exchange method is "diffie-hellman-group14-sha1".
Since it's a small update, I'm also distributing a patch file.
Available at
http://www.lysator.liu.se/~nisse/archive/lsh-2.0.1.tar.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0.1.tar.gz
http://www.lysator.liu.se/~nisse/archive/lsh-2.0-2.0.1.diff.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0-2.0.1.diff.gz
Regards,
/Niels
More information about the lsh-bugs
mailing list