comparison CHANGES @ 1411:798854f62430 fuzz

merge from main
author Matt Johnston <matt@ucc.asn.au>
date Wed, 14 Jun 2017 23:31:42 +0800
parents 1a3c4ec0f840
children b19877938d6a
1408:27e65d3aed5f 1411:798854f62430
3 - Security: Fix double-free in server TCP listener cleanup 3 - Security: Fix double-free in server TCP listener cleanup
4 A double-free in the server could be triggered by an authenticated user if 4 A double-free in the server could be triggered by an authenticated user if
5 dropbear is running with -a (Allow connections to forwarded ports from any host) 5 dropbear is running with -a (Allow connections to forwarded ports from any host)
6 This could potentially allow arbitrary code execution as root by an authenticated user. 6 This could potentially allow arbitrary code execution as root by an authenticated user.
7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. 7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
8 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
8 9
9 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. 10 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
10 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix 11 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
11 is to switch to user permissions when opening authorized_keys 12 is to switch to user permissions when opening authorized_keys
12 13
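Review bot: New line 8 puts the CVE ID next to a bare URL with nothing saying what the URL points to (presumably the fix revision). Label it, for example "CVE-2017-9078, fix: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c", so anyone backporting to the stated range (2013.56 to 2016.74) knows which change to pick. While this entry is being touched, line 5 ends on the parenthetical with no full stop and runs straight into line 6.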
14 couldn't normally read. If they managed to get that file to contain valid 15 couldn't normally read. If they managed to get that file to contain valid
15 authorized_keys with command= options it might be possible to read other 16 authorized_keys with command= options it might be possible to read other
16 contents of that file. 17 contents of that file.
17 This information disclosure is to an already authenticated user. 18 This information disclosure is to an already authenticated user.
18 Thanks to Jann Horn of Google Project Zero for reporting this. 19 Thanks to Jann Horn of Google Project Zero for reporting this.
20 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
19 21
20 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync 22 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
21 Thanks to Andrei Gherzan for a patch 23 Thanks to Andrei Gherzan for a patch
22 24
23 - Fix out of tree builds with bundled libtom 25 - Fix out of tree builds with bundled libtom
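Review bot: The lines shown for the authorized_keys entry carry no affected-version range, while the double-free entry states "Affects versions 2013.56 to 2016.74". Now that new line 20 attaches CVE-2017-9079 to this entry, add the range alongside it, unless it is already on the line elided from this view, so both security entries give the same information. The URL after the CVE ID is unlabelled here as well.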