[Bug 269538] security/openssh-portable
Date: Mon, 13 Feb 2023 21:07:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269538
Bug ID: 269538
Summary: security/openssh-portable
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: bdrewery@FreeBSD.org
Reporter: mike@sentex.net
Flags: maintainer-feedback?(bdrewery@FreeBSD.org)
Assignee: bdrewery@FreeBSD.org
Opening a bug report for security/openssh-portable for the vuln database to get
flagged / updated for the 3 sec issues addressed
https://www.openssh.com/releasenotes.html#9.2
* sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be exploitable,
and it occurs in the unprivileged pre-auth process that is
subject to chroot(2) and is further sandboxed on most major
platforms.
* ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option
would ignore its first argument unless it was one of the special
keywords "any" or "none", causing the permission list to fail open
if only one permission was specified. bz3515
* ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs
options were enabled, and the system/libc resolver did not check
that names in DNS responses were valid, then use of these options
could allow an attacker with control of DNS to include invalid
characters (possibly including wildcards) in names added to
known_hosts files when they were updated. These names would still
have to match the CanonicalizePermittedCNAMEs allow-list, so
practical exploitation appears unlikely.
--
You are receiving this mail because:
You are the assignee for the bug.