OpenSSH 9.2 Released, Fixes Three Security Issues

OpenSSH 9.2 is a bug-fix release that fixes three non-critical security issues and introduces several new features.

OpenSSH is a free, open-source software suite of security-related network-level utilities based on the Secure Shell (SSH) protocol, which provides encrypted terminal connections between networked computers. It is widely used for secure remote login, file transfers (using the SCP protocol), and creating secure tunnels for other network connections.

The latest OpenSSH release, v9.2, fixes an issue with the “PermitRemoteOpen” option, which specifies the destinations to which remote TCP port forwarding is permitted when RemoteForward is used as a SOCKS proxy.

After OpenSSH 8.7, the “PermitRemoteOpen” option ignored its first argument unless it was one of the special keywords “any” or “none,” causing the permission list to fail open (that is, to stop restricting destinations) if only one permission was specified.
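To check whether a client configuration matches the pattern described above, the following added example (not part of the original article or the OpenSSH project) flags “PermitRemoteOpen” lines that list exactly one destination and tests an `ssh -V` banner against the affected range. The function names, the sample config, and the sample banner are constructed for illustration, and treating 8.7 itself as affected is an assumption.

```python
import re
import shlex

# Constructed sample input: a client config and an `ssh -V` style banner.
SAMPLE_CONFIG = """\
Host jump
    RemoteForward 1080
    PermitRemoteOpen internal.example:443
Host build
    PermitRemoteOpen internal.example:443 db.example:5432
Host lab
    PermitRemoteOpen=none
"""
SAMPLE_BANNER = "OpenSSH_9.1p1, OpenSSL 3.0.7 1 Nov 2022"

SPECIAL_KEYWORDS = {"any", "none"}


def version_affected(banner):
    """True if the banner's OpenSSH version falls in the affected range."""
    m = re.match(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    version = (int(m.group(1)), int(m.group(2)))
    # Assumption: 8.7 is included in the range; 9.2 carries the fix.
    return (8, 7) <= version < (9, 2)


def single_permission_lines(config_text):
    """Return (line number, destination) for each PermitRemoteOpen line
    whose only argument is a destination rather than 'any' or 'none'."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)[\s=]+(.*)", raw.strip())
        if not m or m.group(1).lower() != "permitremoteopen":
            continue
        args = shlex.split(m.group(2))
        if len(args) == 1 and args[0].lower() not in SPECIAL_KEYWORDS:
            findings.append((lineno, args[0]))
    return findings


if __name__ == "__main__":
    if version_affected(SAMPLE_BANNER):
        for lineno, dest in single_permission_lines(SAMPLE_CONFIG):
            print("line %d: single permission %r is not enforced" % (lineno, dest))
```

The scan reads one file at a time, so files pulled in through `Include` directives need to be checked separately.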

The second addressed security issue is related to the DNS. More precisely, if the “CanonicalizeHostname” and “CanonicalizePermittedCNAMEs” options were enabled, and the libc resolver did not validate names in DNS responses, an attacker with control of DNS could include invalid characters in names added to known hosts files when they were updated.

Aside from the two security issues mentioned above, OpenSSH 9.2 fixes a pre-authentication double-free memory fault found in the previous release, v9.1.

Among other noteworthy changes, this release also brings several new features. For example, OpenSSH 9.2 adds channel inactivity timeouts via a new “ChannelTimeout” option, which allows channels that have not seen traffic in a specified timeframe to be closed automatically.

Furthermore, this release adds a “-V” (version) option to sshd, similar to the ssh client, and a “-X” option to both scp and sftp to allow control over some SFTP protocol parameters.

Of course, there are the expected bug fixes, with OpenSSH 9.2 addressing 12 of them. Check out the release announcement for detailed information about them and everything else.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
