From 29b6114acfefc5146410c722f9412a7ac31910c8 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Thu, 7 Oct 2021 22:59:53 +0200 Subject: [PATCH] package/openssh: security bump to version 8.8p1 Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. https://www.openssh.com/txt/release-8.8 https://www.openssh.com/txt/release-8.7 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/openssh/openssh.hash | 4 ++-- package/openssh/openssh.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash index 0dcd725de5..aab3dba09c 100644 --- a/package/openssh/openssh.hash +++ b/package/openssh/openssh.hash @@ -1,4 +1,4 @@ -# From https://www.openssh.com/txt/release-8.6 (base64 encoded) -sha256 c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae openssh-8.6p1.tar.gz +# From https://www.openssh.com/txt/release-8.8 (base64 encoded) +sha256 4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9 openssh-8.8p1.tar.gz # Locally calculated sha256 432abf7480fb31473a6706627212913fc70032e3fb71b90fecb28ae26a2d741d LICENCE diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 61b2c97cf4..75c4a0128b 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -4,7 +4,7 @@ # ################################################################################ -OPENSSH_VERSION_MAJOR = 8.6 +OPENSSH_VERSION_MAJOR = 8.8 OPENSSH_VERSION_MINOR = p1 OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR) OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)