oss-sec mailing list archives
Re: Re: Announce: Portable OpenSSH 7.2p2 released
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 16 Mar 2016 09:43:36 +0100
On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote:
It should be noted, that the new openSSH 7.2p2 also includes the fix for CVE-2016-1908 as it had been assigned here: http://seclists.org/oss-sec/2016/q1/115 * SECURITY: Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension. Reported by Thomas Hoger.
7.2p2 includes the fix, but it's not the first version that includes it. I see it documented in 7.2 release: http://www.openssh.com/txt/release-7.2 * ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension. and patches included in 7.2p1 already. -- Tomas Hoger / Red Hat Product Security
Current thread:
- Announce: Portable OpenSSH 7.2p2 released Damien Miller (Mar 10)
- Re: Announce: Portable OpenSSH 7.2p2 released cve-assign (Mar 10)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen (Mar 11)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Tomas Hoger (Mar 16)
- Re: Re: Announce: Portable OpenSSH 7.2p2 released Gsunde Orangen (Mar 11)
- Re: Announce: Portable OpenSSH 7.2p2 released cve-assign (Mar 10)