comparison CHANGES @ 1332:6aaec171e88e

add CVEs and patch urls
author Matt Johnston <matt@ucc.asn.au>
date Thu, 15 Sep 2016 21:43:57 +0800
parents 0ed3d2bbf956
children 8978d879ef07
1331:ab06e093d1e1 1332:6aaec171e88e
7 when connecting to Dropbear server. 7 when connecting to Dropbear server.
8 8
9 A dbclient user who can control username or host arguments could potentially 9 A dbclient user who can control username or host arguments could potentially
10 run arbitrary code as the dbclient user. This could be a problem if scripts 10 run arbitrary code as the dbclient user. This could be a problem if scripts
11 or webpages pass untrusted input to the dbclient program. 11 or webpages pass untrusted input to the dbclient program.
12 CVE-2016-7406
13 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
12 14
13 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as 15 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
14 the local dropbearconvert user when parsing malicious key files 16 the local dropbearconvert user when parsing malicious key files
17 CVE-2016-7407
18 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
15 19
16 - Security: dbclient could run arbitrary code as the local dbclient user if 20 - Security: dbclient could run arbitrary code as the local dbclient user if
17 particular -m or -c arguments are provided. This could be an issue where 21 particular -m or -c arguments are provided. This could be an issue where
18 dbclient is used in scripts. 22 dbclient is used in scripts.
23 CVE-2016-7408
24 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
19 25
20 - Security: dbclient or dropbear server could expose process memory to the 26 - Security: dbclient or dropbear server could expose process memory to the
21 running user if compiled with DEBUG_TRACE and running with -v 27 running user if compiled with DEBUG_TRACE and running with -v
28 CVE-2016-7409
29 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
22 30
23 The security issues were reported by an anonymous researcher working with 31 The security issues were reported by an anonymous researcher working with
24 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html 32 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
25 33
26 - Fix port forwarding failure when connecting to domains that have both 34 - Fix port forwarding failure when connecting to domains that have both
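Review bot: The CVE identifiers added at new lines 12, 17, 23 and 28 each sit on a line of their own, but the older entries this change also touches keep the identifier inline with the text ("... for a patch. CVE-2016-3116", "Ref CVE-2012-0920."). Consider settling on one placement so that a search for a CVE id lands on the same part of every entry; moving the older ids onto their own line ahead of the URL would match what is done here.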
62 70
63 2016.72 - 9 March 2016 71 2016.72 - 9 March 2016
64 72
65 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, 73 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
66 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 74 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
75 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff
67 76
68 2015.71 - 3 December 2015 77 2015.71 - 3 December 2015
69 78
70 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 79 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
71 80
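Review bot: The X11 forwarding entry at new lines 73-74 now carries a CVE and a patch URL but, unlike the entries in the first hunk, does not start with "Security:", so a scan of CHANGES for that prefix skips it. Consider adding the prefix while this entry is being edited. The context line "Thanks for Damien Miller" also reads like a typo for "Thanks to" and could be fixed in the same pass.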
340 Patch from Martin Donnelly 349 Patch from Martin Donnelly
341 350
342 - Limit the size of decompressed payloads, avoids memory exhaustion denial 351 - Limit the size of decompressed payloads, avoids memory exhaustion denial
343 of service 352 of service
344 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 353 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
354 https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
345 355
346 - Avoid disclosing existence of valid users through inconsistent delays 356 - Avoid disclosing existence of valid users through inconsistent delays
347 Thanks to Logan Lamb for reporting. CVE-2013-4434 357 Thanks to Logan Lamb for reporting. CVE-2013-4434
358 https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a
348 359
349 - Update config.guess and config.sub for newer architectures 360 - Update config.guess and config.sub for newer architectures
350 361
351 - Avoid segfault in server for locked accounts 362 - Avoid segfault in server for locked accounts
352 363
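Review bot: The URLs added at new lines 354 and 358 are bare, with nothing on the line to say that they point to the fixing changeset rather than to an advisory or a report. A short label such as "Patch:" in front of each URL would make that explicit for someone reading CHANGES without the commit message at hand.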
445 authorized_keys restrictions are used. Could allow arbitrary code execution 456 authorized_keys restrictions are used. Could allow arbitrary code execution
446 or bypass of the command="..." restriction to an authenticated user. 457 or bypass of the command="..." restriction to an authenticated user.
447 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. 458 This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
448 Thanks to Danny Fullerton of Mantor Organization for reporting 459 Thanks to Danny Fullerton of Mantor Organization for reporting
449 the bug. 460 the bug.
461 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
450 462
451 - Compile fix, only apply IPV6 socket options if they are available in headers 463 - Compile fix, only apply IPV6 socket options if they are available in headers
452 Thanks to Gustavo Zacarias for the patch 464 Thanks to Gustavo Zacarias for the patch
453 465
454 - Overwrite session key memory on exit 466 - Overwrite session key memory on exit
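Review bot: The URL added at new line 461 comes after the credit to Danny Fullerton, two lines below "Ref CVE-2012-0920." at new line 458, whereas in the first hunk each URL directly follows its CVE id. Placing the URL right after line 458 would keep the identifier and its patch together and leave the credit as the last line of the entry.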