Mercurial > dropbear
comparison CHANGES @ 1332:6aaec171e88e
add CVEs and patch urls
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 15 Sep 2016 21:43:57 +0800 |
parents | 0ed3d2bbf956 |
children | 8978d879ef07 |
comparison
1331:ab06e093d1e1 | 1332:6aaec171e88e |
---|---|
7 when connecting to Dropbear server. | 7 when connecting to Dropbear server. |
8 | 8 |
9 A dbclient user who can control username or host arguments could potentially | 9 A dbclient user who can control username or host arguments could potentially |
10 run arbitrary code as the dbclient user. This could be a problem if scripts | 10 run arbitrary code as the dbclient user. This could be a problem if scripts |
11 or webpages pass untrusted input to the dbclient program. | 11 or webpages pass untrusted input to the dbclient program. |
12 CVE-2016-7406 | |
13 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb | |
12 | 14 |
13 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as | 15 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as |
14 the local dropbearconvert user when parsing malicious key files | 16 the local dropbearconvert user when parsing malicious key files |
17 CVE-2016-7407 | |
18 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e | |
15 | 19 |
16 - Security: dbclient could run arbitrary code as the local dbclient user if | 20 - Security: dbclient could run arbitrary code as the local dbclient user if |
17 particular -m or -c arguments are provided. This could be an issue where | 21 particular -m or -c arguments are provided. This could be an issue where |
18 dbclient is used in scripts. | 22 dbclient is used in scripts. |
23 CVE-2016-7408 | |
24 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 | |
19 | 25 |
20 - Security: dbclient or dropbear server could expose process memory to the | 26 - Security: dbclient or dropbear server could expose process memory to the |
21 running user if compiled with DEBUG_TRACE and running with -v | 27 running user if compiled with DEBUG_TRACE and running with -v |
28 CVE-2016-7409 | |
29 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 | |
22 | 30 |
23 The security issues were reported by an anonymous researcher working with | 31 The security issues were reported by an anonymous researcher working with |
24 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html | 32 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html |
25 | 33 |
26 - Fix port forwarding failure when connecting to domains that have both | 34 - Fix port forwarding failure when connecting to domains that have both |
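Review bot: the four URL lines added in this hunk (new lines 13, 18, 24 and 29) are bare links, and nothing in the CHANGES text says what they point to; only the commit message says they are patch URLs. Someone reading the file alone cannot tell a fix changeset from an advisory link. Suggest a short label on each, for example "Patch: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb".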
62 | 70 |
63 2016.72 - 9 March 2016 | 71 2016.72 - 9 March 2016 |
64 | 72 |
65 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, | 73 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, |
66 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 | 74 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 |
75 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff | |
67 | 76 |
68 2015.71 - 3 December 2015 | 77 2015.71 - 3 December 2015 |
69 | 78 |
70 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 | 79 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 |
71 | 80 |
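Review bot: in the 2016.72 entry the CVE identifier stays inline at the end of the credit sentence (new line 74, "... for a patch. CVE-2016-3116"), while the entries earlier in this change put each CVE on its own line above the URL. Suggest moving CVE-2016-3116 onto its own line before the URL added at new line 75 so all entries follow one layout. While this entry is being touched, "Thanks for Damien Miller" reads like a typo for "Thanks to".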
340 Patch from Martin Donnelly | 349 Patch from Martin Donnelly |
341 | 350 |
342 - Limit the size of decompressed payloads, avoids memory exhaustion denial | 351 - Limit the size of decompressed payloads, avoids memory exhaustion denial |
343 of service | 352 of service |
344 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 | 353 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 |
354 https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f | |
345 | 355 |
346 - Avoid disclosing existence of valid users through inconsistent delays | 356 - Avoid disclosing existence of valid users through inconsistent delays |
347 Thanks to Logan Lamb for reporting. CVE-2013-4434 | 357 Thanks to Logan Lamb for reporting. CVE-2013-4434 |
358 https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a | |
348 | 359 |
349 - Update config.guess and config.sub for newer architectures | 360 - Update config.guess and config.sub for newer architectures |
350 | 361 |
351 - Avoid segfault in server for locked accounts | 362 - Avoid segfault in server for locked accounts |
352 | 363 |
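Review bot: the URLs added at new lines 354 and 358 hard-code the secure.ucc.asn.au/hg host, so they stop resolving if the repository is ever moved or only a mirror is available. Consider also giving the changeset id in a host-independent form, for example "rev 0bf76f54de6f" and "rev d7784616409a", which stays meaningful in any clone.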
445 authorized_keys restrictions are used. Could allow arbitrary code execution | 456 authorized_keys restrictions are used. Could allow arbitrary code execution |
446 or bypass of the command="..." restriction to an authenticated user. | 457 or bypass of the command="..." restriction to an authenticated user. |
447 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. | 458 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. |
448 Thanks to Danny Fullerton of Mantor Organization for reporting | 459 Thanks to Danny Fullerton of Mantor Organization for reporting |
449 the bug. | 460 the bug. |
461 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 | |
450 | 462 |
451 - Compile fix, only apply IPV6 socket options if they are available in headers | 463 - Compile fix, only apply IPV6 socket options if they are available in headers |
452 Thanks to Gustavo Zacarias for the patch | 464 Thanks to Gustavo Zacarias for the patch |
453 | 465 |
454 - Overwrite session key memory on exit | 466 - Overwrite session key memory on exit |
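Review bot: in the CVE-2012-0920 entry the added URL lands at new line 461, after the two-line credit to Danny Fullerton, so it is separated from the "Ref CVE-2012-0920." sentence it belongs to and reads as part of the thanks. Suggest placing it directly after new line 458. This entry also cites the identifier as "Ref CVE-..." where the other entries in this change use the bare identifier; picking one form would keep the file uniform.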