Mercurial > dropbear
comparison CHANGES @ 1737:8b27de2c92ee
Change secure.ucc.asn.au/hg to hg.ucc.asn.au
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 28 Jul 2020 18:53:48 +0800 |
| parents | cddc90de1b6f |
| children | 4b984c42372d |
comparison
equal
deleted
inserted
replaced
| 1736:0c31aedc3124 | 1737:8b27de2c92ee |
|---|---|
| 213 - Security: Fix double-free in server TCP listener cleanup | 213 - Security: Fix double-free in server TCP listener cleanup |
| 214 A double-free in the server could be triggered by an authenticated user if | 214 A double-free in the server could be triggered by an authenticated user if |
| 215 dropbear is running with -a (Allow connections to forwarded ports from any host) | 215 dropbear is running with -a (Allow connections to forwarded ports from any host) |
| 216 This could potentially allow arbitrary code execution as root by an authenticated user. | 216 This could potentially allow arbitrary code execution as root by an authenticated user. |
| 217 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. | 217 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. |
| 218 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c | 218 CVE-2017-9078 https://hg.ucc.asn.au/dropbear/rev/c8114a48837c |
| 219 | 219 |
| 220 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. | 220 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. |
| 221 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix | 221 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix |
| 222 is to switch to user permissions when opening authorized_keys | 222 is to switch to user permissions when opening authorized_keys |
| 223 | 223 |
| 225 couldn't normally read. If they managed to get that file to contain valid | 225 couldn't normally read. If they managed to get that file to contain valid |
| 226 authorized_keys with command= options it might be possible to read other | 226 authorized_keys with command= options it might be possible to read other |
| 227 contents of that file. | 227 contents of that file. |
| 228 This information disclosure is to an already authenticated user. | 228 This information disclosure is to an already authenticated user. |
| 229 Thanks to Jann Horn of Google Project Zero for reporting this. | 229 Thanks to Jann Horn of Google Project Zero for reporting this. |
| 230 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 | 230 CVE-2017-9079 https://hg.ucc.asn.au/dropbear/rev/0d889b068123 |
| 231 | 231 |
| 232 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync | 232 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync |
| 233 Thanks to Andrei Gherzan for a patch | 233 Thanks to Andrei Gherzan for a patch |
| 234 | 234 |
| 235 - Fix out of tree builds with bundled libtom | 235 - Fix out of tree builds with bundled libtom |
| 245 | 245 |
| 246 A dbclient user who can control username or host arguments could potentially | 246 A dbclient user who can control username or host arguments could potentially |
| 247 run arbitrary code as the dbclient user. This could be a problem if scripts | 247 run arbitrary code as the dbclient user. This could be a problem if scripts |
| 248 or webpages pass untrusted input to the dbclient program. | 248 or webpages pass untrusted input to the dbclient program. |
| 249 CVE-2016-7406 | 249 CVE-2016-7406 |
| 250 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb | 250 https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb |
| 251 | 251 |
| 252 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as | 252 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as |
| 253 the local dropbearconvert user when parsing malicious key files | 253 the local dropbearconvert user when parsing malicious key files |
| 254 CVE-2016-7407 | 254 CVE-2016-7407 |
| 255 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e | 255 https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e |
| 256 | 256 |
| 257 - Security: dbclient could run arbitrary code as the local dbclient user if | 257 - Security: dbclient could run arbitrary code as the local dbclient user if |
| 258 particular -m or -c arguments are provided. This could be an issue where | 258 particular -m or -c arguments are provided. This could be an issue where |
| 259 dbclient is used in scripts. | 259 dbclient is used in scripts. |
| 260 CVE-2016-7408 | 260 CVE-2016-7408 |
| 261 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 | 261 https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6 |
| 262 | 262 |
| 263 - Security: dbclient or dropbear server could expose process memory to the | 263 - Security: dbclient or dropbear server could expose process memory to the |
| 264 running user if compiled with DEBUG_TRACE and running with -v | 264 running user if compiled with DEBUG_TRACE and running with -v |
| 265 CVE-2016-7409 | 265 CVE-2016-7409 |
| 266 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 | 266 https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04 |
| 267 | 267 |
| 268 The security issues were reported by an anonymous researcher working with | 268 The security issues were reported by an anonymous researcher working with |
| 269 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html | 269 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html |
| 270 | 270 |
| 271 - Fix port forwarding failure when connecting to domains that have both | 271 - Fix port forwarding failure when connecting to domains that have both |
| 307 | 307 |
| 308 2016.72 - 9 March 2016 | 308 2016.72 - 9 March 2016 |
| 309 | 309 |
| 310 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, | 310 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, |
| 311 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 | 311 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 |
| 312 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff | 312 https://hg.ucc.asn.au/dropbear/rev/a3e8389e01ff |
| 313 | 313 |
| 314 2015.71 - 3 December 2015 | 314 2015.71 - 3 December 2015 |
| 315 | 315 |
| 316 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 | 316 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 |
| 317 | 317 |
| 588 Patch from Martin Donnelly | 588 Patch from Martin Donnelly |
| 589 | 589 |
| 590 - Limit the size of decompressed payloads, avoids memory exhaustion denial | 590 - Limit the size of decompressed payloads, avoids memory exhaustion denial |
| 591 of service | 591 of service |
| 592 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 | 592 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 |
| 593 https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f | 593 https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f |
| 594 | 594 |
| 595 - Avoid disclosing existence of valid users through inconsistent delays | 595 - Avoid disclosing existence of valid users through inconsistent delays |
| 596 Thanks to Logan Lamb for reporting. CVE-2013-4434 | 596 Thanks to Logan Lamb for reporting. CVE-2013-4434 |
| 597 https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a | 597 https://hg.ucc.asn.au/dropbear/rev/d7784616409a |
| 598 | 598 |
| 599 - Update config.guess and config.sub for newer architectures | 599 - Update config.guess and config.sub for newer architectures |
| 600 | 600 |
| 601 - Avoid segfault in server for locked accounts | 601 - Avoid segfault in server for locked accounts |
| 602 | 602 |
| 695 authorized_keys restrictions are used. Could allow arbitrary code execution | 695 authorized_keys restrictions are used. Could allow arbitrary code execution |
| 696 or bypass of the command="..." restriction to an authenticated user. | 696 or bypass of the command="..." restriction to an authenticated user. |
| 697 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. | 697 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. |
| 698 Thanks to Danny Fullerton of Mantor Organization for reporting | 698 Thanks to Danny Fullerton of Mantor Organization for reporting |
| 699 the bug. | 699 the bug. |
| 700 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 | 700 https://hg.ucc.asn.au/dropbear/rev/818108bf7749 |
| 701 | 701 |
| 702 - Compile fix, only apply IPV6 socket options if they are available in headers | 702 - Compile fix, only apply IPV6 socket options if they are available in headers |
| 703 Thanks to Gustavo Zacarias for the patch | 703 Thanks to Gustavo Zacarias for the patch |
| 704 | 704 |
| 705 - Overwrite session key memory on exit | 705 - Overwrite session key memory on exit |
| 739 message informing what the port is, thanks to Ali Onur Uyar. | 739 message informing what the port is, thanks to Ali Onur Uyar. |
| 740 | 740 |
| 741 - New version numbering scheme. | 741 - New version numbering scheme. |
| 742 | 742 |
| 743 Source repository has now migrated to Mercurial at | 743 Source repository has now migrated to Mercurial at |
| 744 https://secure.ucc.asn.au/hg/dropbear/graph/default | 744 https://hg.ucc.asn.au/dropbear/graph/default |
| 745 | 745 |
| 746 0.53.1 - Wednesday 2 March 2011 | 746 0.53.1 - Wednesday 2 March 2011 |
| 747 | 747 |
| 748 - -lcrypt needs to be before object files for static linking | 748 - -lcrypt needs to be before object files for static linking |
| 749 | 749 |