ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 02:46:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- Improve CHANGES description

Browse Source
This commit is contained in:
Matt Johnston 2012-02-23 21:45:36 +08:00
parent 4dda424f74
commit 398339218e
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CHANGES
View File

@ -1,14 +1,16 @@
2012.55 - Wednesday 22 February 2012 2012.55 - Wednesday 22 February 2012
- Security: Fix use-after-free bug that could be triggered when multiple command sessions were - Security: Fix use-after-free bug that could be triggered if command="..."
made when a command="" authorized_keys restriction was in effect. Possible arbitrary authorized_keys restrictions are used. Could allow arbitrary code execution
code execution to an authenticated user, and probable bypass of the command="" restriction. or bypass of the command="..." restriction to an authenticated user.
CVE-2012-0920. Thanks to Danny Fullerton of Mantor Organization for reporting the bug This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
Thanks to Danny Fullerton of Mantor Organization for reporting
the bug.
- Compile fix, only apply IPV6 socket options if they are available in headers - Compile fix, only apply IPV6 socket options if they are available in headers
Thanks to Gustavo Zacarias for the patch Thanks to Gustavo Zacarias for the patch
- Clear key memory on exit - Overwrite session key memory on exit
- Fix minor memory leak in unusual PAM authentication configurations. - Fix minor memory leak in unusual PAM authentication configurations.
Thanks to Stathis Voukelatos Thanks to Stathis Voukelatos