oss-sec mailing list archives
Some mitigation for openssh CVE-2020-14145
From: Marcus Meissner <meissner () suse de>
Date: Wed, 2 Dec 2020 07:56:27 +0100
Hi, We reviewed the openssh CVE-2020-14145 and the openssh team commited a partial mitigation of this issue which is included in openssh 8.4. https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d I filed a CVE update request to include above. That said, "key/certificate pinning on first connect" is still tricky. Ciao, Marcus
Current thread:
- Some mitigation for openssh CVE-2020-14145 Marcus Meissner (Dec 01)