CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams)

[Florian Weimer <fweimer () redhat com>]

In a Kerberos environment, the Fedora and Red Hat Enterprise Linux 7 
version of the OpenSSH server allows remote, authenticated users to log 
in as another user if they are listed in a ~/.k5users file of that other 
user.  This unexpectedly alters the system security policy, as expressed 
through the ~/.k5users file, because previously, users would have to log 
in locally, potentially requiring different forms of authentication, 
before they could use the ksu command to switch users.

Red Hat Bugzilla:

  <https://bugzilla.redhat.com/show_bug.cgi?id=1169843>

Patch in upstream bug tracker:

  <https://bugzilla.mindrot.org/show_bug.cgi?id=1867>

--
Florian Weimer / Red Hat Product Security