Date: Fri, 15 Jan 2016 15:03:33 +0100
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, openssh@...nssh.com
Subject: Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

On Thu, 2016-01-14 at 09:13 -0800, Qualys Security Advisory wrote:
> Qualys Security Advisory
> 
> Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

This is not directly related to the Qualys advisory, but the 7.1p2 OpenSSH
release [1] fixes another vulnerability; could a CVE be assigned?

SECURITY: Fix an out of-bound read access in the packet handling code.
Reported by Ben Hawkes [2]

There's also a fix [3] related to X11 forwarding which seems different than
the fix which went into OpenSSH 6.9 [4,5]. I'm not sure if it deserves a CVE
or not.


[1] http://www.openssh.com/txt/release-7.1p2
[2] https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
[3] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
[4] http://www.openssh.com/txt/release-6.9
[5] https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9_P1&id=1bf477d3cdf1a864646d59820878783d42357a1d
-- 
Yves-Alexis

