What is the UnixWare 7D OpenSSH 7.3p1f Package? The OpenSSH 7.3p1f package is an updated OpenSSH for UnixWare 7D that addresses the following problems or new features. Problems Fixed -------------- Changes between openssh-7.3p1e (FCS) and openssh-7.3p1f-UnixWare7D-i386.pkg Incorrect open(2) flags in sftp-server permitted creation of zero-length files when the server was running in read-only mode (invoked using the -R command-line flag). patched for CVE-2021-41617 sshd(8) failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive was been set to run the command as a non-root user. Instead these commands would inherit the groups that sshd(8) was started with. Depending on system configuration, inherited groups may allow the helper programs to gain unintended privilege. Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). ssh-keygen disable generating dsa keys with -A remove reference to rsa1 in man page Improve comments in sshd_config Contents -------- openssh-7.3p1f-UnixWare7D-i386.pkg.gz MD5(openssh-7.3p1f-UnixWare7D-i386.pkg.gz)= 767fe302efcfc1c2a600ab96107909c1 SHA256(openssh-7.3p1f-UnixWare7D-i386.pkg.gz)= 673899ec75daff60ddcd0004c2bd6d13f1c8f0d61745901e2f5c651a797ea555 Software Notes and Recommendations ---------------------------------- The UW7D OpenSSH 7.3p1f package is intended for installation on UnixWare 7 Definitive 2018 (also known as D2M1) Installation Instructions ------------------------- 1. Download openssh-7.3p1f-UnixWare7D-i386.pkg.gz file to the /tmp directory on your machine. 2. As root, add the package to your system using these commands: $ su - Password: # gzcat /tmp/openssh-7.3p1f-UnixWare7D-i386.pkg.gz | pkgadd -qd - all 3. The upgrade process will not modify existing /etc/ssh/ssh_config or /etc/ssh/sshd_config files if modifications have been made. If not modified, default option settings as well as additional options different than the earlier openSSH options will be replaced. The default configuration files are saved in /etc/ssh/7.3p1/. System administrators should review the new default options and update /etc/ssh/ssh_config and /etc/ssh/sshd_config accordingly. Removal Instructions -------------------- 1. As root, remove the package using these commands: $ su - Password: # pkgrm openssh 2. Your system does not contain an OpenSSH after removal of this package. Note: removing OpenSSH will break existing OpenSSH logins, so this should be done from the console or in single user mode. If you have questions regarding this supplement, or the product on which it is installed, please contact your Xinuos software supplier.