Release Notes: This release adds important security fixes. Support for Diffie-Hellman with SHA256 has been added. Several features have been added to sshd_config, including support for conditional directives, forcing use of a specified command, and restrictions on port forwarding. Optional logging has been added to sftp-server. The client may exit if any requested port forwarding cannot be established, and will record any non-standard ports in the known_hosts file. Support for SELinux, Solaris process contracts, and OpenSSL hardware engines can be built in. Various other bugs have been fixed and features added.
Release Notes: This release fixes multiple PAM vulnerabilities. It also includes several compilation and bugfixes for various platforms.
Release Notes: This release fixed some buffer management errors. It is uncertain whether these errors are exploitable, but upgrading is recommended.
Release Notes: A fix for vulnerable linking on AIX/gcc, and several other bugfixes.
Release Notes: This version fixes a major security vulnerability which exists in versions 2.9.9 to 3.3. Systems running with "UsePrivilegeSeparation yes" or "ChallengeResponseAuthentication no" are not affected.The 3.4 release contains many fixes that were made during a week-long audit started when the recent security issue came to light. Some of those fixes are likely to be important security fixes. Therefore, upgrading to 3.4 is recommended.
Release Notes: This release fixes a bug which allowed users with an existing user account to gain root privileges with OpenSSH versions 2.0 through 3.0.2.
Release Notes: This release fixes a vulnerability in the UseLogin option of OpenSSH.