|
|
fixes #4579
CVE-2015-6563:
sshd(8): Portable OpenSSH only: Fixed a privilege separation
weakness related to PAM support. Attackers who could successfully
compromise the pre-authentication process for remote code
execution and who had valid credentials on the host could
impersonate other users. Reported by Moritz Jodeit.
CVE-2015-6564:
sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to
PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution. Also reported by
Moritz Jodeit.
CVE-2015-6565:
sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
writable. Local attackers may be able to write arbitrary messages
to logged-in users, including terminal escape sequences.
Reported by Nikolay Edigaryev.
(cherry picked from commit 26c30cf5be4151eee04678ad118d056de0601833)
|
