Commit 39833921 authored by Matt Johnston

- Improve CHANGES description

parent 4dda424f
2012.55 - Wednesday 22 February 2012
 
- Security: Fix use-after-free bug that could be triggered when multiple command sessions were
made when a command="" authorized_keys restriction was in effect. Possible arbitrary
code execution to an authenticated user, and probable bypass of the command="" restriction.
CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug
- Security: Fix use-after-free bug that could be triggered if command="..."
authorized_keys restrictions are used. Could allow arbitrary code execution
or bypass of the command="..." restriction to an authenticated user.
This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
Thanks to Danny Fullerton of Mantor Organization for reporting
the bug.
 
- Compile fix, only apply IPV6 socket options if they are available in headers
Thanks to Gustavo Zacarias for the patch
 
- Clear key memory on exit
- Overwrite session key memory on exit
 
- Fix minor memory leak in unusual PAM authentication configurations.
Thanks to Stathis Voukelatos
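
Review bot: the reworded Security entry (the one ending "Ref CVE-2012-0920") drops the trigger condition that the earlier wording stated, "when multiple command sessions were made", and now says only that the bug applies "if command="..." authorized_keys restrictions are used". Keeping the trigger alongside the new "affects releases 0.52 onwards" line would let an administrator judge both which versions and which session patterns are exposed, for example "could be triggered by multiple command sessions if command="..." authorized_keys restrictions are used". The change from "Clear key memory on exit" to "Overwrite session key memory on exit" is more precise about what is wiped, though it also narrows the statement to session keys, so it is worth confirming that this matches what the code overwrites.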