[Buildroot] [PATCH 1/1] package/openssh: security bump to version 8.8p1
Peter Korsgaard
peter at korsgaard.com
Sat Oct 9 11:50:15 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when
> certain non-default configurations are used, allows privilege escalation
> because supplemental groups are not initialized as expected. Helper
> programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may
> run with privileges associated with group memberships of the sshd
> process, if the configuration specifies running the command as a
> different user.
> https://www.openssh.com/txt/release-8.8
> https://www.openssh.com/txt/release-8.7
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list