oss-sec mailing list archives

Some mitigation for openssh CVE-2020-14145


From: Marcus Meissner <meissner () suse de>
Date: Wed, 2 Dec 2020 07:56:27 +0100

Hi,

We reviewed the openssh CVE-2020-14145 and the openssh team committed
a partial mitigation of this issue which is included in openssh 8.4.

https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

I filed a CVE update request to include the above.

That said, "key/certificate pinning on first connect" is still tricky.

Ciao, Marcus

