FreeBSD Bugzilla – Attachment 183651 Details for Bug 220158: security/dropbear: update to 2017.75
[patch] vuxml patch
vuxml.patch (text/plain), 1.67 KB, created by Piotr Kubaj on 2017-06-20 11:04:13 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 443944) >+++ vuln.xml (working copy) >@@ -58,6 +58,41 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="60931f98-55a7-11e7-8514-589cfc0654e1"> >+ <topic>Dropbear -- two vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>dropbear</name> >+ <range><lt>2017.75</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Matt Johnston reports:</p> >+ <blockquote cite="https://matt.ucc.asn.au/dropbear/CHANGES"> >+ <p>Fix double-free in server TCP listener cleanup A double-free in >+ the server could be triggered by an authenticated user if dropbear >+ is running with -a (Allow connections to forwarded ports from any >+ host) This could potentially allow arbitrary code execution as root >+ by an authenticated user.</p> >+ <p>Fix information disclosure with ~/.ssh/authorized_keys symlink. >+ Dropbear parsed authorized_keys as root, even if it were a symlink. >+ The fix is to switch to user permissions when opening authorized_keys. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://matt.ucc.asn.au/dropbear/CHANGES</url> >+ <cvename>CVE-2017-9078</cvename> >+ <cvename>CVE-2017-9079</cvename> >+ </references> >+ <dates> >+ <discovery>2017-05-18</discovery> >+ <entry>2017-06-20</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="0c2db2aa-5584-11e7-9a7d-b499baebfeaf"> > <topic>Apache httpd -- several vulnerabilities</topic> > <affects>
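Review bot: In the first <p> of the blockquote the changelog heading and its body are run together ("Fix double-free in server TCP listener cleanup A double-free in the server ..." and "... from any host) This could potentially ..."), so the sentence boundaries are lost; add the missing full stops or separate the heading from the body, the way the second <p> already does with "symlink. Dropbear parsed". The <references> block lists CVE-2017-9078 and CVE-2017-9079, but nothing in <description> says which of the two issues each one covers; naming the CVE next to each issue, outside the quoted text, would make the entry easier to use for triage. The context comment just above the hunk says not to forget port variants, and <affects> names only the dropbear package, so confirm that no other port ships the same code before this is committed. The <discovery> value 2017-05-18 is not backed by anything in the quoted text and should be checked against the cited CHANGES file.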
Flags: pkubaj: maintainer-approval+
Attachments on bug 220158: 183650 | 183651 | 183828 | 184020