[Buildroot] [PATCH] openssh: bump to version 7.5
Peter Korsgaard
peter at korsgaard.com
Thu Mar 30 22:28:19 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
>> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
> Committed after updating the commit message to mention that this release
> fixes security issues, thanks:
> Security
> --------
> * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
> that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
> Note that the OpenSSH client disables CBC ciphers by default, sshd
> offers them as lowest-preference options and will remove them by
> default entirely in the next release. Reported by Jean Paul
> Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
> Royal Holloway, University of London.
> * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
> a recursive file transfer could be manipulated by a hostile server to
> perform a path-traversal attack, creating or modifying files outside
> of the intended target directory. Reported by Jann Horn of Google
> Project Zero.
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard