pkgsrc-Changes archive


CVS commit: pkgsrc/security/openssh



Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Sep 16 12:53:08 UTC 2008

Modified Files:
        pkgsrc/security/openssh: Makefile PLIST distinfo options.mk
        pkgsrc/security/openssh/patches: patch-ac patch-ag
Removed Files:
        pkgsrc/security/openssh/patches: patch-as patch-at patch-ax

Log Message:
Update openssh package to 5.1.1 (5.1p1)

The changes since OpenSSH 5.0 are too extensive to list here; please refer to
its release note: http://www.openssh.com/txt/release-5.1.
I quote only the Security section from the release note.

Security:

 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
   other platforms) when X11UseLocalhost=no

   When attempting to bind(2) to a port that has previously been bound
   with SO_REUSEADDR set, most operating systems check that either the
   effective user-id matches the previous bind (common on BSD-derived
   systems) or that the bind addresses do not overlap (Linux and
   Solaris).

   Some operating systems, such as HP/UX, do not perform these checks
   and are vulnerable to an X11 man-in-the-middle attack when the
   sshd_config(5) option X11UseLocalhost has been set to "no" - an
   attacker may establish a more-specific bind, which will be used in
   preference to sshd's wildcard listener.

   Modern BSD operating systems, Linux, OS X and Solaris implement the
   above checks and are not vulnerable to this attack, nor are systems
   where the X11UseLocalhost has been left at the default value of
   "yes".

   Portable OpenSSH 5.1 avoids this problem for all operating systems
   by not setting SO_REUSEADDR when X11UseLocalhost is set to no.

   This vulnerability was reported by sway2004009 AT hotmail.com.

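The mitigation quoted above is a small rule: set SO_REUSEADDR on the X11 forwarding listener only when it is bound to loopback, and leave it unset on a wildcard bind so that no later, more-specific bind to the same port can be accepted by a kernel that performs neither the uid nor the address-overlap check. The following is an added illustration of that rule in C, not OpenSSH's own listener code; the function names and the `x11_use_localhost` flag are assumptions, and the program binds to port 0 so it can run anywhere without colliding with a real X11 display port.

```c
/* Added example (not OpenSSH's own code): an X11-forwarding listener that
 * follows the OpenSSH 5.1 rule from the release note. SO_REUSEADDR is set
 * only when the socket is bound to 127.0.0.1 (X11UseLocalhost=yes); on a
 * wildcard bind (X11UseLocalhost=no) it is left unset, so the port cannot
 * be re-bound more specifically even on platforms that skip the uid and
 * address-overlap checks. Function names and the flag are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Decide whether SO_REUSEADDR is safe: only for a loopback-bound listener. */
int x11_should_set_reuseaddr(int x11_use_localhost)
{
    return x11_use_localhost ? 1 : 0;
}

/* Create, bind and listen on the X11 forwarding socket. Returns the
 * listening fd, or -1 on failure. port 0 lets the kernel choose a port. */
int x11_listen_socket(int x11_use_localhost, unsigned short port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    if (x11_should_set_reuseaddr(x11_use_localhost)) {
        int on = 1;
        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
            close(fd);
            return -1;
        }
    }

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    /* Loopback when X11UseLocalhost=yes, wildcard (all interfaces) otherwise. */
    sin.sin_addr.s_addr =
        htonl(x11_use_localhost ? INADDR_LOOPBACK : INADDR_ANY);

    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Report whether SO_REUSEADDR is set on fd: 1 if set, 0 if not, -1 on error.
 * Useful as a post-deployment check on a live listener. */
int x11_reuseaddr_is_set(int fd)
{
    int on = 0;
    socklen_t len = sizeof(on);
    if (getsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, &len) < 0)
        return -1;
    return on ? 1 : 0;
}

int main(void)
{
    /* X11UseLocalhost=no: wildcard bind, SO_REUSEADDR must stay unset. */
    int fd = x11_listen_socket(0, 0);
    if (fd < 0) {
        perror("x11_listen_socket");
        return 1;
    }
    printf("wildcard listener: SO_REUSEADDR=%d\n", x11_reuseaddr_is_set(fd));
    close(fd);
    return 0;
}
```

The same `getsockopt` check can be pointed at any listener (via a small wrapper run under the daemon's pid namespace, or by reading the option from a debugger) to confirm that a wildcard-bound X11 socket on a pre-5.1 build really does carry SO_REUSEADDR, which is the observable condition that makes the HP/UX behaviour described above matter.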

To generate a diff of this commit:
cvs rdiff -r1.189 -r1.190 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/security/openssh/PLIST
cvs rdiff -r1.70 -r1.71 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.15 -r1.16 pkgsrc/security/openssh/options.mk
cvs rdiff -r1.16 -r1.17 pkgsrc/security/openssh/patches/patch-ac
cvs rdiff -r1.9 -r1.10 pkgsrc/security/openssh/patches/patch-ag
cvs rdiff -r1.5 -r0 pkgsrc/security/openssh/patches/patch-as
cvs rdiff -r1.7 -r0 pkgsrc/security/openssh/patches/patch-at
cvs rdiff -r1.6 -r0 pkgsrc/security/openssh/patches/patch-ax

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
