Update Info


Security update for ssh-audit

Type: security
Severity: moderate
Issued: 2021-10-20

This update for ssh-audit fixes the following issues:

ssh-audit was updated to version 2.5.0

* Fixed crash when running host key tests.
* Handles server connection failures more gracefully.
* Now prints JSON with indents when -jj is used (useful for
* Added MD5 fingerprints to verbose output.
* Added -d/--debug option for getting debugging output.
* Updated JSON output to include MD5 fingerprints. Note that
  this results in a breaking change in the 'fingerprints'
  dictionary format.
* Updated OpenSSH 8.1 (and earlier) policies to include
  rsa-sha2-512 and rsa-sha2-256.
* Added OpenSSH v8.6 & v8.7 policies.
* Added 3 new key exchanges:

  + gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==
  + gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==
  + gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
* Added 3 new MACs:

  + hmac-ripemd160-96
  + AEAD_AES_128_GCM
  + AEAD_AES_256_GCM

Update to version 2.4.0

* Added multi-threaded scanning support.
* Added version check for OpenSSH user enumeration (CVE-2018-15473).
* Added deprecation note to host key types based on SHA-1.
* Added extra warnings for SSHv1.
* Added built-in hardened OpenSSH v8.5 policy.
* Upgraded warnings to failures for host key types based on SHA-1.
* Fixed crash when receiving unexpected response during host key
* Fixed hang against older Cisco devices during host key test &
  gex test.
* Fixed improper termination while scanning multiple targets when
  one target returns an error.
* Dropped support for Python 3.5 (which reached EOL in Sept. 2020).
* Added 1 new key exchange: sntrup761x25519-sha512@openssh.com.




  • ssh-audit-2.5.0-bp153.2.3.1