
List:       oss-security
Subject:    Re: [oss-security] CVE Request: Debian (others?) openssh-server: Forced Command handling leaks priva
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-01-28 5:46:22
Message-ID: 4F238BAE.4070203 () redhat ! com


> TL;DR anyone shipping OpenSSH portable 5.4 and 5.5 is vulnerable and needs to fix this.
> 
> This may also affect OpenSSH 5.4/5.5 (non portable) which I'll test when I get home.

Confirmed the code is basically identical, didn't actually run them to
test (since it's been fixed in OpenBSD for quite some time now).


-- 
Kurt Seifried Red Hat Security Response Team (SRT)