Date: Wed, 01 Jul 2015 14:27:04 +0200
From: Andreas Stieger <>
Subject: CVE Request: two security issues in openSSH 6.9


The openSSH 6.9 release contains the following changes declared as
security issues:

> Security
> --------
>  * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
>    connections made after ForwardX11Timeout expired could be permitted
>    and no longer subject to XSECURITY restrictions because of an
>    ineffective timeout check in ssh(1) coupled with "fail open"
>    behaviour in the X11 server when clients attempted connections with
>    expired credentials. This problem was reported by Jann Horn.

In the portable releases, this is

>  * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
>    password guessing by implementing an increasing failure delay,
>    storing a salted hash of the password rather than the password
>    itself and using a timing-safe comparison function for verifying
>    unlock attempts. This problem was reported by Ryan Castellucci.

In the portable releases, this is

Could CVE-IDs be assigned for these please?


Andreas Stieger <>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
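
The three hardening measures named in the quoted ssh-agent(1) note (salted hash instead of the stored password, timing-safe comparison, increasing failure delay) are sketched below as an added example; it is not part of the original message and is not OpenSSH's code. The class name, the use of PBKDF2-SHA256 and the delay constants are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch
BASE_DELAY = 1.0         # seconds; assumed delay after the first failure
MAX_DELAY = 60.0         # assumed cap so the penalty cannot grow unbounded


class AgentLock:
    """Hypothetical lock state for a key agent (illustrative names only)."""

    def __init__(self, sleep=time.sleep):
        self._sleep = sleep   # injectable so callers and tests can avoid waiting
        self._salt = None
        self._hash = None
        self.failures = 0

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    @property
    def locked(self) -> bool:
        return self._hash is not None

    def lock(self, password: str) -> None:
        # Keep only a random salt and the derived hash, never the plaintext.
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def next_delay(self) -> float:
        # Doubles with each consecutive failed attempt, up to MAX_DELAY.
        return min(BASE_DELAY * (2 ** self.failures), MAX_DELAY)

    def unlock(self, password: str) -> bool:
        if not self.locked:
            return False
        candidate = self._derive(password, self._salt)
        # compare_digest takes the same time wherever the inputs differ.
        if hmac.compare_digest(candidate, self._hash):
            self._salt = self._hash = None
            self.failures = 0
            return True
        self._sleep(self.next_delay())  # penalise the guess before answering
        self.failures += 1
        return False
```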
