March 2005

ID: 00220
Ref: 199/2005
Date: 17 March 2005:15:07:34
Version: 1

---

Title: LSH - LSH-2.0.1, fix for denial of service bug
Abstract: This is a bugfix release, which is fairly important since it fixes a denial of service bug in lshd (and also in lsh, but that's probably of less importance).
Vendors affected: LSH
Operating systems affected: LSH
Applications affected: LSH

---

Title
=====

LSH - LSH-2.0.1, fix for denial of service bug

Detail
======

PLEASE NOTE - The following is a LSH e-mail:

This is a bugfix release, which is fairly important since it fixes a
denial of service bug in lshd (and also in lsh, but that's probably of
less importance).

News for the 2.0.1 release

Fixed denial of service bug in lshd.

Fixed a bug in lsh-make-seed, which could make the program go
into an infinite loop on read errors.

lsh now asks for passwords also in quite (-q) mode, as
described in the manual.

Control character filtering used to sometimes consider newline
as a dangerous control character. Now newlines should be
displayed normally.

Removed support for the non-standard alias
"diffie-hellman-group2-sha1". The standardized name is for
this key exchange method is "diffie-hellman-group14-sha1".

Since it's a small update, I'm also distributing a patch file.
Available at

http://www.lysator.liu.se/~nisse/archive/lsh-2.0.1.tar.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0.1.tar.gz

http://www.lysator.liu.se/~nisse/archive/lsh-2.0-2.0.1.diff.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-2.0-2.0.1.diff.gz

Regards,
/Niels