]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 1a965b2) | patch
openssh: fix for CVE-2014-2532
authorChen Qi <Qi.Chen@windriver.com>
Tue, 13 May 2014 07:46:26 +0000 (15:46 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 29 May 2014 12:42:10 +0000 (13:42 +0100)
commite5786afbfa79e1288d1df2401684c4c151c60406
treee5f8fbfeb622abd0c923034ea406e15bc5ad8398tree | snapshot
parent1a965b2ecca07d231a8058e453cbeafacc5b6c69commit | diff
openssh: fix for CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.

(From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch [new file with mode: 0644] blob
meta/recipes-connectivity/openssh/openssh_6.5p1.bb diff | blob | history
Mirror of the official openembedded-core repository