OpenSSH is a free, open-source software suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which provides encrypted terminal connections between networked computers. It is widely used for secure remote login, file transfers (using the SCP protocol), and creating secure tunnels for other network connections.
The latest OpenSSH release, v9.2, fixes the “PermitRemoteOpen” issue, which specifies the destinations to which remote TCP port forwarding is permitted when RemoteForward is used as a SOCKS proxy.
After OpenSSH 8.7, the “PermitRemoteOpen” option ignored its first argument unless it was one of the special keywords “any” or “none,” resulting in the permission list failing to open if only one permission was specified.
The second addressed security issue is related to the DNS. More precisely, if the “CanonicalizeHostname” and “CanonicalizePermittedCNAMEs” options were enabled, and the libc resolver did not validate names in DNS responses, an attacker with control of DNS could include invalid characters in names added to known hosts files when they were updated.
Aside from the two security issues mentioned above, OpenSSH 9.2 fixes a memory issue found in the previous v9.1 related to a pre-authentication double-free memory fault.
Among other noteworthy changes, this release also brings several new features. For example, OpenSSH 9.2 adds channel inactivity timeouts via a new “ChannelTimeout” option, which allows channels that have not seen traffic in a specified timeframe to be closed automatically.
Of course, there are the expected bug fixes, with OpenSSH 9.2 addressing 12. Check out the release announcement for detailed information about them and everything else.