NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a0a59c6451
kumquat-buildroot/package/openssh/openssh.hash
Fabrice Fontaine 12916827e0 package/openssh: security bump to version 8.6p1 
Security
========

 * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
   option was enabled with a set of patterns that activated logging
   in code that runs in the low-privilege sandboxed sshd process, the
   log messages were constructed in such a way that printf(3) format
   strings could effectively be specified the low-privilege code.

   An attacker who had sucessfully exploited the low-privilege
   process could use this to escape OpenSSH's sandboxing and attack
   the high-privilege process. Exploitation of this weakness is
   highly unlikely in practice as the LogVerbose option is not
   enabled by default and is typically only used for debugging. No
   vulnerabilities in the low-privilege process are currently known
   to exist.

https://www.openssh.com/txt/release-8.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-15 17:18:50 +02:00

5 lines
262 B
Plaintext
Raw Blame History

# From https://www.openssh.com/txt/release-8.6 (base64 encoded)
sha256 c3e6e4da1621762c850d03b47eed1e48dff4cc9608ddeb547202a234df8ed7ae openssh-8.6p1.tar.gz
# Locally calculated
sha256 432abf7480fb31473a6706627212913fc70032e3fb71b90fecb28ae26a2d741d LICENCE
Reference in New Issue View Git Blame Copy Permalink