author Colin Watson <cjwatson@debian.org> 2015-08-19 18:34:29 +0100
committer Colin Watson <cjwatson@debian.org> 2015-08-19 18:37:32 +0100
commit d2d9171e73cd2db10fabf9dd4924d3dcd5f13c7a
tree deedfca8dcc980d858d5caacbde773e44a081bc2 /debian/changelog
parent a608a63196dbda54e9bdd656baa253c56e76bace
parent c0ec3def4bec4afe1cad9e99081e658200b13a02
Backport PAM security fixes.
- sshd(8): Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit.
- sshd(8): Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution (closes: #795711). Also reported by Moritz Jodeit.
Diffstat (limited to 'debian/changelog')
-rw-r--r-- debian/changelog 8
1 files changed, 8 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 6c851b644..8e8e9d778 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -136,6 +136,14 @@ openssh (1:6.9p1-1) UNRELEASED; urgency=medium
136 world-writable. Local attackers may be able to write arbitrary 136 world-writable. Local attackers may be able to write arbitrary
137 messages to logged-in users, including terminal escape sequences. 137 messages to logged-in users, including terminal escape sequences.
138 Reported by Nikolay Edigaryev. 138 Reported by Nikolay Edigaryev.
139 - sshd(8): Fixed a privilege separation weakness related to PAM support.
140 Attackers who could successfully compromise the pre-authentication
141 process for remote code execution and who had valid credentials on the
142 host could impersonate other users. Reported by Moritz Jodeit.
143 - sshd(8): Fixed a use-after-free bug related to PAM support that was
144 reachable by attackers who could compromise the pre-authentication
145 process for remote code execution (closes: #795711). Also reported by
146 Moritz Jodeit.
139 * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the 147 * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
140 GSSAPI key exchange patch. 148 GSSAPI key exchange patch.
141 149
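Review bot: the first added entry (new lines 139-142, the privilege separation weakness) carries no bug or advisory reference, while the second (new lines 143-146) has "closes: #795711" placed mid-sentence, so a reader cannot tell whether #795711 tracks both PAM fixes or only the use-after-free. If the bug covers both, reference it from the first entry as well; if it does not, give the first entry its own reference so the fix can be traced from the changelog. The hunk header also shows both entries landing under an UNRELEASED stanza marked urgency=medium; confirm that urgency is still appropriate now that the upload carries two security fixes reachable after a pre-authentication compromise.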