projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fb741b0) | patch
openssh: add upstream security fixes
authorBaruch Siach <baruch@tkos.co.il>
Tue, 12 Feb 2019 12:13:04 +0000 (14:13 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 12 Feb 2019 18:59:11 +0000 (19:59 +0100)
commit7fe3741bc4197f6bff48236f357f5db1269586c7
tree4ae302062d20a3660655fd8e3f3baba607b0d70btree
parentfb741b03a93880093be4a36b58ec93edd83057d9commit | diff
openssh: add upstream security fixes

CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.

CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch [new file with mode: 0644] blob
package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch [new file with mode: 0644] blob