buildroot/package/openssh
Fabrice Fontaine 12916827e0 package/openssh: security bump to version 8.6p1
Security
========

 * sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
   option was enabled with a set of patterns that activated logging
   in code that runs in the low-privilege sandboxed sshd process, the
   log messages were constructed in such a way that printf(3) format
   strings could effectively be specified the low-privilege code.

   An attacker who had sucessfully exploited the low-privilege
   process could use this to escape OpenSSH's sandboxing and attack
   the high-privilege process. Exploitation of this weakness is
   highly unlikely in practice as the LogVerbose option is not
   enabled by default and is typically only used for debugging. No
   vulnerabilities in the low-privilege process are currently known
   to exist.

https://www.openssh.com/txt/release-8.6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-15 17:18:50 +02:00
..
Config.in
openssh.hash package/openssh: security bump to version 8.6p1 2021-05-15 17:18:50 +02:00
openssh.mk package/openssh: security bump to version 8.6p1 2021-05-15 17:18:50 +02:00
S50sshd
sshd-sysusers.conf
sshd.service