pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/openssh

Module Name:    pkgsrc
Committed By:   taca
Date:           Tue Sep 16 12:53:08 UTC 2008

Modified Files:
        pkgsrc/security/openssh: Makefile PLIST distinfo
        pkgsrc/security/openssh/patches: patch-ac patch-ag
Removed Files:
        pkgsrc/security/openssh/patches: patch-as patch-at patch-ax

Log Message:
Update openssh package to 5.1.1 (5.1p1)

Changes from OpenSSH 5.0 is huge to write here, please refer its
release note:
I quote only Security section from the release note.


 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
   other platforms) when X11UseLocalhost=no

   When attempting to bind(2) to a port that has previously been bound
   with SO_REUSEADDR set, most operating systems check that either the
   effective user-id matches the previous bind (common on BSD-derived
   systems) or that the bind addresses do not overlap (Linux and

   Some operating systems, such as HP/UX, do not perform these checks
   and are vulnerable to an X11 man-in-the-middle attack when the
   sshd_config(5) option X11UseLocalhost has been set to "no" - an
   attacker may establish a more-specific bind, which will be used in
   preference to sshd's wildcard listener.

   Modern BSD operating systems, Linux, OS X and Solaris implement the
   above checks and are not vulnerable to this attack, nor are systems
   where the X11UseLocalhost has been left at the default value of

   Portable OpenSSH 5.1 avoids this problem for all operating systems
   by not setting SO_REUSEADDR when X11UseLocalhost is set to no.

   This vulnerability was reported by sway2004009 AT

To generate a diff of this commit:
cvs rdiff -r1.189 -r1.190 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/security/openssh/PLIST
cvs rdiff -r1.70 -r1.71 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.15 -r1.16 pkgsrc/security/openssh/
cvs rdiff -r1.16 -r1.17 pkgsrc/security/openssh/patches/patch-ac
cvs rdiff -r1.9 -r1.10 pkgsrc/security/openssh/patches/patch-ag
cvs rdiff -r1.5 -r0 pkgsrc/security/openssh/patches/patch-as
cvs rdiff -r1.7 -r0 pkgsrc/security/openssh/patches/patch-at
cvs rdiff -r1.6 -r0 pkgsrc/security/openssh/patches/patch-ax

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index