Thu Apr 3 12:17:00 GMT 2008
I've just updated the version of OpenSSH to 5.0p1-1.
This is a new major upstream release. It fixes a security related issue
found right after the release of 4.9p1. The Cygwin release is created
from the vanilla sources.
The official release message of 5.0p1:
OpenSSH 5.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
We apologise for any inconvenience resulting from this release
being made so shortly after 4.9. Unfortunately we only learned of
the below security issue from the public CVE report. The Debian
OpenSSH maintainers responsible for handling the initial report of
this bug failed to report it via either the private OpenSSH security
contact list (firstname.lastname@example.org) or the portable OpenSSH Bugzilla
We ask anyone wishing to report security bugs in OpenSSH to please use
the email@example.com contact and to practice responsible disclosure.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.
T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Changes since OpenSSH 4.9:
* CVE-2008-1483: Avoid possible hijacking of X11-forwarded connections
by refusing to listen on a port unless all address families bind
- SHA1 (openssh-5.0.tar.gz) = 729fb3168edf6a68408223b5ed82e59d13b57c47
- SHA1 (openssh-5.0p1.tar.gz) = 121cea3a730c0b0353334b6f46f438de30ab4928
- please read http://www.openssh.com/report.html
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
More information about the Cygwin-announce