Re: [OE-core] [PATCH] openssh: Security Advisory - openssh - CVE-2016-10010

Alexander Kanavin Wed, 25 Jan 2017 04:09:37 -0800

On 01/25/2017 07:19 AM, Li Zhou wrote:

sshd in OpenSSH before 7.4, when privilege separation is not used,
creates forwarded Unix-domain sockets as root, which might allow
local users to gain privileges via unspecified vectors, related to
serverloop.c.


Porting patch from <https://github.com/openbsd/src/commit/
c76fac666ea038753294f2ac94d310f8adece9ce> to solve CVE-2016-10010.
Adapted the patch to solve context issues.

Please update openssh to 7.4 instead, there is no need to backport fixesto master branch, if the issue can be solved by updating the recipe version.


Alex

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] openssh: Security Advisory - openssh - CVE-2016-10010

Reply via email to