[Buildroot] [PATCH] libssh: security bump to version 0.8.4
Peter Korsgaard
peter at korsgaard.com
Tue Oct 16 15:59:32 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Fixes CVE-2018-10933: authentication bypass vulnerability in the server
> code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
> place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
> expect to initiate authentication, the attacker could successfully
> authenticate without any credentials.
> https://www.libssh.org/security/advisories/CVE-2018-10933.txt
> Drop an upstream patch.
> Cc: Scott Fan <fancp2007 at gmail.com>
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list