comparison CHANGES @ 1337:8978d879ef07

changes for 2017.75
author Matt Johnston <matt@ucc.asn.au>
date Wed, 17 May 2017 23:57:18 +0800
parents 6aaec171e88e
children c31276613181
comparison
equal deleted inserted replaced
1336:efad433418c4 1337:8978d879ef07
1 2017.75 - 18 May 2017
2
3 - Security: Fix double-free in server TCP listener cleanup
4 A double-free in the server could be triggered by an authenticated user if
5 dropbear is running with -a (Allow connections to forwarded ports from any host)
6 This could potentially allow arbitrary code execution as root by an authenticated user.
7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
8
9 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
10 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
11 is to switch to user permissions when opening authorized_keys
12
13 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
14 couldn't normally read. If they managed to get that file to contain valid
15 authorized_keys with command= options it might be possible to read other
16 contents of that file.
17 This information disclosure is to an already authenticated user.
18 Thanks to Jann Horn of Google Project Zero for reporting this.
19
20 - Call fsync() to ensure that new hostkeys (dropbear -R) are flushed to disk
21 Thanks to Andrei Gherzan for a patch
22
23 - Fix out of tree builds with bundled libtom
24 Thanks to Henrik Nordström and Peter Krefting for patches.
25
1 2016.74 - 21 July 2016 26 2016.74 - 21 July 2016
2 27
3 - Security: Message printout was vulnerable to format string injection. 28 - Security: Message printout was vulnerable to format string injection.
4 29
5 If specific usernames including "%" symbols can be created on a system 30 If specific usernames including "%" symbols can be created on a system