[Buildroot] [PATCH 1/1] package/openssh: security bump to version 8.5p1

Peter Korsgaard peter at korsgaard.com
Mon Mar 29 19:53:39 UTC 2021

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 >  * ssh-agent(1): fixed a double-free memory corruption that was
 >    introduced in OpenSSH 8.2 . We treat all such memory faults as
 >    potentially exploitable. This bug could be reached by an attacker
 >    with access to the agent socket.

 >    On modern operating systems where the OS can provide information
 >    about the user identity connected to a socket, OpenSSH ssh-agent
 >    and sshd limit agent socket access only to the originating user
 >    and root. Additional mitigation may be afforded by the system's
 >    malloc(3)/free(3) implementation, if it detects double-free
 >    conditions.

 >    The most likely scenario for exploitation is a user forwarding an
 >    agent either to an account shared with a malicious user or to a
 >    host with an attacker holding root access.

 >  * Portable sshd(8): Prevent excessively long username going to PAM.
 >    This is a mitigation for a buffer overflow in Solaris' PAM username
 >    handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
 >    implementations.  This is not a problem in sshd itself, it only
 >    prevents sshd from being used as a vector to attack Solaris' PAM.
 >    It does not prevent the bug in PAM from being exploited via some
 >    other PAM application. GHPR#212

 > Also license has been updated to add some openbsd-compat licenses:
 > https://github.com/openssh/openssh-portable/commit/922cfac5ed5ead9f796f7d39f012dd653dc5c173

 > https://www.openssh.com/txt/release-8.5

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list