comparison CHANGES @ 1411:798854f62430 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 14 Jun 2017 23:31:42 +0800 |
parents | 1a3c4ec0f840 |
children | b19877938d6a |
1408:27e65d3aed5f | 1411:798854f62430 |
---|---|
3 - Security: Fix double-free in server TCP listener cleanup | 3 - Security: Fix double-free in server TCP listener cleanup |
4 A double-free in the server could be triggered by an authenticated user if | 4 A double-free in the server could be triggered by an authenticated user if |
5 dropbear is running with -a (Allow connections to forwarded ports from any host) | 5 dropbear is running with -a (Allow connections to forwarded ports from any host) |
6 This could potentially allow arbitrary code execution as root by an authenticated user. | 6 This could potentially allow arbitrary code execution as root by an authenticated user. |
7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. | 7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. |
8 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c | |
8 | 9 |
9 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. | 10 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. |
10 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix | 11 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix |
11 is to switch to user permissions when opening authorized_keys | 12 is to switch to user permissions when opening authorized_keys |
12 | 13 |
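
Review bot: The CVE-2017-9078 line (new line 8) sits at the very end of the entry, after the credit to the reporter, so anyone scanning the "- Security:" headings for CVE ids will miss it. Consider carrying the id in the heading itself, e.g. "- Security: Fix double-free in server TCP listener cleanup (CVE-2017-9078)". The URL on that line is also bare: if revision c8114a48837c is the fix changeset, say so in a word or two before the link, so the reader knows what it points at.
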
14 couldn't normally read. If they managed to get that file to contain valid | 15 couldn't normally read. If they managed to get that file to contain valid |
15 authorized_keys with command= options it might be possible to read other | 16 authorized_keys with command= options it might be possible to read other |
16 contents of that file. | 17 contents of that file. |
17 This information disclosure is to an already authenticated user. | 18 This information disclosure is to an already authenticated user. |
18 Thanks to Jann Horn of Google Project Zero for reporting this. | 19 Thanks to Jann Horn of Google Project Zero for reporting this. |
20 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 | |
19 | 21 |
20 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync | 22 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync |
21 Thanks to Andrei Gherzan for a patch | 23 Thanks to Andrei Gherzan for a patch |
22 | 24 |
23 - Fix out of tree builds with bundled libtom | 25 - Fix out of tree builds with bundled libtom |
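
Review bot: With CVE-2017-9079 attached at new line 20, the authorized_keys entry gives no affected-version range in the lines shown, while the double-free entry above states "Affects versions 2013.56 to 2016.74". Add the equivalent "Affects versions ..." sentence before the credit line so packagers can triage both CVEs the same way. As in the first entry, the id would be easier to find in the "- Security:" heading than trailing the credit, and the bare URL needs a word saying what the revision is.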