Thema: SSH/SSL/VPN Tools...

[SiLæncer]

Verwundbare Versionen der Kryptobibliothek prüfen die Zertifikatskette nicht richtig, was es Angreifern ermöglicht, eigene Zertifikate für beliebige Domains auszustellen.

Die Entwickler der Kryptobibliothek OpenSSL haben wie angekündigt eine kritische Lücke in ihrer Software geflickt (CVE-2015-1793). OpenSSL prüft demnach das CA-Flag eines Zertifikats unter bestimmten Unständen nicht richtig. Das kann dazu führen, dass ein Angreifer sich als Intermediate-CA ausgeben und eigene Zertifikate für die Webseiten anderer Betreiber signieren kann. Damit kann er sich dann zum Beispiel als die Hausbank des Opfers ausgeben.

Der ganze Artikel

Quelle : www.heise.de

[SiLæncer]

Whats new: >>

This new version resolves an issue with white-list defined at user level, that in certain particular situations may have been skipped in previous versions.

http://www.extenua.com/silvershield

[SiLæncer]

Changelog

New features:

Signal names are displayed instead of numbers.
"make check" target was modified to only build Win32 executables when stunnel is built from a git repository
First resolve IPv4 addresses on passive resolver requests. This speeds up stunnel startup on Win32 with slow/defunct DNS service.

Bug fixes:

Fixed a FORK and UCONTEXT threading compilation issues.
Fixed a cron thread scheduling issue.
Fixed "failover=prio" broken since stunnel 5.15.

[close]

https://www.stunnel.org/index.html

[SiLæncer]

Whats new:>>

Bundles OpenSSL 1.0.1p, which fixes a security vulnerability of high severity.

http://openvpn.net/

[SiLæncer]

Whats new: >>

Incoming connections to PuTTY tools (to forwarded ports and to the connection-sharing socket) now log their source address or pid, where facilities exist to do so.
Cryptography speedup on 64-bit Unix platforms by using gcc and clang's __uint128_t built-in type.
Bug fix: the configuration dialog is no longer accidentally invisible in some Windows Vista display themes.
Bug fix: the Windows PuTTY GUI no longer becomes unresponsive if the server sends a continuous flood of data. (Sorry! We fixed that once before, but it came back in 0.64.)
Bug fix: PSFTP now returns a failure exit status if a command fails in a batch-mode script.
Bug fix: ESC [ 13 t can no longer elicit an invalid escape sequence as a response.

http://www.chiark.greenend.org.uk/~sgtatham/putty/

[SiLæncer]

Changelog

New features

    Signal names are displayed instead of numbers.
    First resolve IPv4 addresses on passive resolver requests. This speeds up stunnel startup on Win32 with a slow/defunct DNS service.
    The "make check" target was modified to only build Win32 executables when stunnel is built from a git repository (thx to Peter Pentchev).
    More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP".
    Performance optimization was performed on the debug code.

Bugfixes

    Fixed the FORK and UCONTEXT threading support.
    Fixed "failover=prio" (broken since stunnel 5.15).
    Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.

[close]

https://www.stunnel.org/index.html

[SiLæncer]

Changelog

    New features:

    "OCSPaia = yes" added to the configuration file templates.
    Improved double free detection.

    Bug fixes:

    Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful.
    Fixed the passive IPv6 resolver (broken in stunnel 5.21).

[close]

https://www.stunnel.org/index.html

[SiLæncer]

Whats new:>>

New features:

New service-level option "OCSPnonce". The default value is "OCSPnonce = no".
Inactive ports removed from the PORTS file.

https://www.stunnel.org/index.html

[SiLæncer]

Changelog

Contains the following changes:

Report missing endtags of inline files as warnings
Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit
Produce a meaningful error message if --daemon gets in the way of asking for passwords.
Document --daemon changes and consequences (--askpass, --auth-nocache).
Del ipv6 addr on close of linux tun interface
Fix --askpass not allowing for password input via stdin
write pid file immediately after daemonizing
Make __func__ work with Visual Studio too
fix regression: query password before becoming daemon
Fix using management interface to get passwords.
Fix overflow check in openvpn_decrypt()
Un-break --auth-user-pass on windows

[close]

http://openvpn.net/

[SiLæncer]

Whats new:>>

* Bugfixes

  - Compilation fix for OpenSSL version older than 1.0.0.

https://www.stunnel.org/index.html

[SiLæncer]

Changelog

* New features

  - Win32 directory structure rearranged.  The installer script provides automatic migration for common setups.
  - Added Win32 installer option to install stunnel for the current user only.  This feature does not deploy the NT
    service, but it also does not require aministrative privileges to install and configure stunnel.
  - stunnel.cnf was renamed to openssl.cnf in order to to prevent users from mixing it up with stunnel.conf.
  - Win32 desktop is automatically refreshed when the icon is created or removed.
  - The ca-certs.pem file is now updated on stunnel upgrade.

* Bugfixes

  - Compilation fix for mingw.

[close]

https://www.stunnel.org/index.html

[SiLæncer]

Changelog

New feature:

    Patch PRINTCLIPPORT integration (http://ericmason.net/2010/04/putty-ssh-windows-clipboard-integration/).
    Port number can be set in log file name.
    New icon to mark loss of connection.
    New menu item in the main menu to modify font (size and colour), new shortcuts CTRL+SHIFT+UP/DOWN to modify the font size.

Bug fix:

    CTRL+TAB and hyperlink patch incompatibility.
    Icon was modified when about box exit, even if it should remain unmodified.
    No more launcher icon.

Feature improvement:

    Automatic reconnection was rewritten.

[close]

http://www.9bis.net/kitty/?page=Welcome&zone=en

[SiLæncer]

Changelog

Installation and upgrade:

This is the first version tested on Windows 10 as part of the development process.
The SSH Client installer now supports the -activationCode parameter. This allows a license code to be applied to the SSH Client during initial installation or an upgrade. The SSH Client will operate with full functionality with or without a license code, but applying it allows users to indicate their licensed status.
On Windows Vista and newer, the installer did not auto-run correctly after the uninstaller prompted for restart during upgrade. Fixed.
Failed and incomplete installations are now detected and displayed, to help the user choose the correct installation directory.
Publisher and version information is now added for display in Add/Remove Programs.

SSH:

SHA-256 public key fingerprints, compatible with the latest OpenSSH versions, are now supported.
The 1024-bit fixed prime Diffie Hellman key exchange method, diffie-hellman-group1-sha1, is now disabled by default, due to doubts about continuing security of Diffie Hellman with a 1024-bit fixed prime. Compatibility with most older servers should be retained via the diffie-hellman-group14-sha1 method, which uses a 2048-bit fixed prime. We recommend migrating older SSH servers to new versions supporting ECDH and ECDSA.
Symmetric encryption algorithms that use CBC mode are now disabled by default. Bitvise SSH Client and Server implement defenses against attacks on CBC mode, but other implementations that still use CBC mode are unlikely to implement such defenses. Most implementations should now support encryption in CTR mode.
In past Bitvise SSH Client 6.xx versions, gssapi-keyex authentication was always unavailable. Fixed.

Graphical client:

The graphical SFTP client now maintains a list of recent locations.
Fixed an issue which prevented use of the -proxyUserName parameter with the graphical SSH Client. Command-line clients were unaffected.
Fixed an issue which caused the graphical SSH Client to send an empty response to all prompts other than the first one in keyboard-interactive authentication. This issue did not affect command-line clients.

Command-line clients:

A new retry utility is now included, which can be used to automatically retry a command based on its exit code. Run retry without parameters for help. The utility can be used with any command line program, but is intended specifically for use with sftpc.
The log utility now supports an additional parameter, -t, which will cause the utility to prefix every line of output with a timestamp. This can be used to log and timestamp the output of any command line program, and is intended specifically for use with sftpc.
The command-line SFTP client, sftpc, now supports tab expansion based on wildcard patterns.
sftpc now reports a full completion timestamp for each transfer.
sftpc now waits a maximum of one second if the server does not respond to SFTP channel close. Previously, a server that did not respond to channel close would cause sftpc to wait indefinitely.

SFTP:

In versions 6.23 - 6.31, a command such as "put directory" would not upload the contents of "directory", but instead only create an empty directory. In addition, a command such as "lrm directory -s" would always fail when the directory being removed was not empty. Fixed.
OpenSSH servers contain a flaw where a noisy shell startup script, such as a .bashrc file, will cause garbage data to be passed to an SFTP client on the SFTP channel. Previously, this would prevent establishing an SFTP session. The client now ignores such invalid data, and looks for a particular byte signature to indicate the start of the server's first packet in the SFTP session.
The Start in last directory feature in the graphical SFTP interface should work again.
Turning off the Start option did not pause new transfers in the graphical SFTP interface when they were initiated via drag-and-drop or a clipboard action. Fixed. The transfers did start paused when using the Upload and Download buttons.
When transferring files in text mode using SFTP version 4 or higher, the ignored offset is now set to an invalid 64-bit value instead of zero. This prevents an unending transfer with servers that do not ignore the offset as required by the textual transfer mode (e.g. older versions of VShell).
Fixed an issue which could cause the SFTP client to send more channel data after sending channel close.

FTP-to-SFTP bridge:

Fixed an issue that could cause the FTP-to-SFTP bridge to freeze while downloading.
When the FTP-to-SFTP Bridge was configured to listen on all interfaces (0.0.0.0), directory listings and file transfers would not work in passive mode. Fixed.

Terminal:

Double-width Chinese characters were not being properly rendered in recent SSH Client versions. This should now work properly in most cases.
Fixed problems with some Ctrl keyboard sequences: Ctrl+[, Ctrl+I, Ctrl+M, Ctrl+H, and Ctrl+J.
Fixed a scrolling problem that could occur if the last line of output was empty (e.g. when using cat).
Fixed an error that would frequently occur on Windows 10 when resizing a bvterm window in a Bitvise SSH Server terminal session. Further improved resizing on Windows 10.
If Auto close window was set to Never, and a terminal session closed successfully, the terminal window would consume 100% of a CPU core until closed. Fixed.

[close]

http://www.bitvise.com/tunnelier

[SiLæncer]

Whats new:>>

Bug fix: crash when selecting folder in config box.
Bug fix: -auto_store_sshkey option did not work anymore in plink (regression).
Feature modification: in PRINTCLIPPORT it is now possible to save settings.
Reconnection improvement: automatic reconnection on key pressed.

http://www.9bis.net/kitty/?page=Welcome&zone=en

[SiLæncer]

Whats new:>>

New features:

Added a new "protocolDomain" option for the NTLM authentication
Improved compatibility of the NTLM phase 1 message
Added OPENSSL_NO_EGD support

Bugfixes:

Fixed SOCKS5 RESOLVE [F0] TOR extension support.
Fixed the error code reported on the failed bind() requests.

https://www.stunnel.org/index.html