Date: Wed, 16 Mar 2016 09:43:36 +0100
From: Tomas Hoger <thoger@...hat.com>
To: Gsunde Orangen <gsunde.orangen@...il.com>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: Re: Announce: Portable OpenSSH 7.2p2 released

On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote:

> It should be noted, that the new openSSH 7.2p2 also includes the fix for
> CVE-2016-1908 as it had been assigned here:
> http://seclists.org/oss-sec/2016/q1/115
>
>  * SECURITY: Eliminate the fallback from untrusted X11-forwarding to
>    trusted forwarding for cases when the X server disables the
>    SECURITY extension. Reported by Thomas Hoger.

7.2p2 includes the fix, but it's not the first version that includes
it. I see it documented in 7.2 release:

http://www.openssh.com/txt/release-7.2

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

and patches included in 7.2p1 already.

--
Tomas Hoger / Red Hat Product Security