[Buildroot] [PATCH] libssh: security bump to version 0.8.4

Peter Korsgaard peter at korsgaard.com
Tue Oct 16 15:59:32 UTC 2018


>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:

 > Fixes CVE-2018-10933: authentication bypass vulnerability in the server
 > code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
 > place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
 > expect to initiate authentication, the attacker could successfully
 > authenticate without any credentials.

 >   https://www.libssh.org/security/advisories/CVE-2018-10933.txt

 > Drop an upstream patch.

 > Cc: Scott Fan <fancp2007 at gmail.com>
 > Signed-off-by: Baruch Siach <baruch at tkos.co.il>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list