Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Jan 2012 22:46:22 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Yves-Alexis Perez <corsac@...ian.org>, djm@...nbsd.org,
        dtucker@...nbsd.org
Subject: Re: CVE Request: Debian (others?) openssh-server:
 Forced Command handling leaks private information to ssh clients


> TL;DR anyone shipping OpenSSH portable 5.4 and 5.5 is vulnerable and needs to fix this.
> 
> This may also affect OpenSSH 5.4/5.5 (non portable) which I'll test when I get home.

Confirmed the code is basically identical, didn't actually run them to
test (since it's been fixed in OpenBSD for quite some time now).


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ