[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/openssh
Module Name: pkgsrc
Committed By: taca
Date: Tue Sep 16 12:53:08 UTC 2008
pkgsrc/security/openssh: Makefile PLIST distinfo options.mk
pkgsrc/security/openssh/patches: patch-ac patch-ag
pkgsrc/security/openssh/patches: patch-as patch-at patch-ax
Update openssh package to 5.1.1 (5.1p1)
Changes from OpenSSH 5.0 is huge to write here, please refer its
release note: http://www.openssh.com/txt/release-5.1.
I quote only Security section from the release note.
* sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
other platforms) when X11UseLocalhost=no
When attempting to bind(2) to a port that has previously been bound
with SO_REUSEADDR set, most operating systems check that either the
effective user-id matches the previous bind (common on BSD-derived
systems) or that the bind addresses do not overlap (Linux and
Some operating systems, such as HP/UX, do not perform these checks
and are vulnerable to an X11 man-in-the-middle attack when the
sshd_config(5) option X11UseLocalhost has been set to "no" - an
attacker may establish a more-specific bind, which will be used in
preference to sshd's wildcard listener.
Modern BSD operating systems, Linux, OS X and Solaris implement the
above checks and are not vulnerable to this attack, nor are systems
where the X11UseLocalhost has been left at the default value of
Portable OpenSSH 5.1 avoids this problem for all operating systems
by not setting SO_REUSEADDR when X11UseLocalhost is set to no.
This vulnerability was reported by sway2004009 AT hotmail.com.
To generate a diff of this commit:
cvs rdiff -r1.189 -r1.190 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/security/openssh/PLIST
cvs rdiff -r1.70 -r1.71 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.15 -r1.16 pkgsrc/security/openssh/options.mk
cvs rdiff -r1.16 -r1.17 pkgsrc/security/openssh/patches/patch-ac
cvs rdiff -r1.9 -r1.10 pkgsrc/security/openssh/patches/patch-ag
cvs rdiff -r1.5 -r0 pkgsrc/security/openssh/patches/patch-as
cvs rdiff -r1.7 -r0 pkgsrc/security/openssh/patches/patch-at
cvs rdiff -r1.6 -r0 pkgsrc/security/openssh/patches/patch-ax
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |