[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: Debian (others?) openssh-server: Forced Command handling leaks priva
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-01-28 5:46:22
Message-ID: 4F238BAE.4070203 () redhat ! com
[Download RAW message or body]
> TL;DR anyone shipping OpenSSH portable 5.4 and 5.5 is vulnerable and needs to fix this.
>
> This may also affect OpenSSH 5.4/5.5 (non portable) which I'll test when I get home.
Confirmed the code is basically identical, didn't actually run them to
test (since it's been fixed in OpenBSD for quite some time now).
--
Kurt Seifried Red Hat Security Response Team (SRT)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic