Date: Wed, 16 Mar 2016 09:43:36 +0100
From: Tomas Hoger <thoger@...hat.com>
To: Gsunde Orangen <gsunde.orangen@...il.com>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: Re: Announce: Portable OpenSSH 7.2p2 released

On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote:

> It should be noted that the new OpenSSH 7.2p2 also includes the fix for
> CVE-2016-1908 as it had been assigned here:
> http://seclists.org/oss-sec/2016/q1/115
> 
> * SECURITY: Eliminate the fallback from untrusted X11-forwarding to
>   trusted forwarding for cases when the X server disables the
>   SECURITY extension. Reported by Thomas Hoger.

7.2p2 includes the fix, but it's not the first version that includes
it.  I see it documented in the 7.2 release:

http://www.openssh.com/txt/release-7.2

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

and patches included in 7.2p1 already.

-- 
Tomas Hoger / Red Hat Product Security
