diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2015-08-26 11:28:34 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-08-26 10:06:26 +0000 |
| commit | 9f54596949dd38f889aab1798292ffe1c3bc7ed3 (patch) | |
| tree | 2f3adc5c6a870267be1dc68ce4901a79983f924e /main/sems | |
| parent | 3258276769d93b7859db17fb0ed1e7e3a33b8d1c (diff) | |
| download | aports-9f54596949dd38f889aab1798292ffe1c3bc7ed3.tar.bz2 aports-9f54596949dd38f889aab1798292ffe1c3bc7ed3.tar.xz | |
main/openssh: security fixes from upstream
fixes #4579
CVE-2015-6563:
sshd(8): Portable OpenSSH only: Fixed a privilege separation
weakness related to PAM support. Attackers who could successfully
compromise the pre-authentication process for remote code
execution and who had valid credentials on the host could
impersonate other users. Reported by Moritz Jodeit.
CVE-2015-6564:
sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to
PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution. Also reported by
Moritz Jodeit.
CVE-2015-6565:
sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
writable. Local attackers may be able to write arbitrary messages
to logged-in users, including terminal escape sequences.
Reported by Nikolay Edigaryev.
(cherry picked from commit 26c30cf5be4151eee04678ad118d056de0601833)
Diffstat (limited to 'main/sems')
0 files changed, 0 insertions, 0 deletions