[mosh-devel] Please test mosh 1.2.3 release candidate

Keith Winstein keithw at MIT.EDU
Fri Oct 5 21:23:08 EDT 2012 

Hello all,

Please test the mosh 1.2.3 release candidate:

https://github.com/downloads/keithw/mosh/mosh-1.2.2.95rc1.tar.gz

On Wed, May 23, 2012 at 12:52 PM, Keith Winstein <keithw at mit.edu> wrote:

> Hello all,
>
> Please test the mosh 1.2.1 release candidate before it is released later
> this week.
>
>         https://github.com/downloads/**keithw/mosh/mosh-1.2.0.97.tar.**gz<https://github.com/downloads/keithw/mosh/mosh-1.2.0.97.tar.gz>
>
> This fixes a number of issues in mosh 1.2, including the ability of evil
> applications to cause the mosh-server to use a lot of CPU time trying
> execute a short ANSI escape sequence with a huge "repeat" count. The same
> sequences can allow a malicious mosh-server to cause the mosh-client to use
> a lot of CPU time.
>
> Timo Juhani Lindfors reported this issue to Fedora, which requested a CVE
> (CVE-2012-2385) on the grounds that it is a denial of service by the
> application against the mosh-server or by the mosh-server against the
> mosh-client. We don't generally consider this kind of issue to be security
> related, since the application is already trusted to decide what it on the
> screen, and can do things like shut off the keyboard. But it makes for more
> robust terminal emulation to ignore these gigantic repeat counts rather
> than getting stuck in a huge loop.
>
> This release will also:
>
> * Improve performance on lossy links
>
> * Give the user a helpful diagnostic when the link is dead in only one
>   direction
>
> * Use less CPU when link is down (Keegan McAllister)
>
> * Use less memory when mosh-server is malicious.
>
> * Fix a vttest regression re: wrapping and tabs.
>
> * Enable a roundtrip verifier of terminal emulator correctness when
>   the server is verbose.
>
> * Remove skalibs as a dependency (Keegan McAllister)
>
> * Remove use of poll() and the OS X poll workaround in favor of
>   pselect(), which we think works everywhere (Keegan McAllister)
>
> * Include a bash_completion file (ejeffrey)
>
> * Include a firewall profile for UFW (Fumihito YOSHIDA)
>
> Please report any feedback to the list or by filing a new issue on GitHub (
> https://github.com/keithw/**mosh/issues<https://github.com/keithw/mosh/issues>
> ).
>
> Thanks very much,
> Keith
> for the Mosh project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mosh-devel/attachments/20121005/241ed2b0/attachment.html

More information about the mosh-devel mailing list