diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2019-02-12 14:13:04 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2019-02-12 19:59:11 +0100 |
| commit | 7fe3741bc4197f6bff48236f357f5db1269586c7 (patch) | |
| tree | 4ae302062d20a3660655fd8e3f3baba607b0d70b /package/libcpprestsdk/0001-libcpprestsdk-fix-building-as-a-static-library.patch | |
| parent | fb741b03a93880093be4a36b58ec93edd83057d9 (diff) | |
| download | buildroot-7fe3741bc4197f6bff48236f357f5db1269586c7.tar.gz buildroot-7fe3741bc4197f6bff48236f357f5db1269586c7.zip | |
openssh: add upstream security fixes
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.
CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libcpprestsdk/0001-libcpprestsdk-fix-building-as-a-static-library.patch')
0 files changed, 0 insertions, 0 deletions
