Green End SFTP Server release 0.2.1 (SECURITY)
Richard Kettlewell
rjk at terraraq.org.uk
Thu Oct 9 23:59:27 BST 2014
This is to announce release 0.2.1 of my experimental SFTP server. It is
possible to use it with the OpenSSH server as a drop-in replacement for
the SFTP server that it ships with.

It differs from the OpenSSH SFTP server in the following ways:

* Support for protocol versions up to 6
* Several SFTP extensions
* Concurrent handling of pipelined requests

In this release, on Linux, access to /proc/self/mem is disabled. This
removes a means of remote code execution. Anyone using older versions
should upgrade immediately.

See http://seclists.org/fulldisclosure/2014/Oct/35 for discussion of the
analogous situation in OpenSSH.

For more information please visit:

http://www.greenend.org.uk/rjk/sftpserver/

ttfn/rjk