diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-10-16 15:31:08 +0300 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-10-16 14:45:15 +0200 |
| commit | de24e47d90f64f546978b6ec12f769dc4fd89587 (patch) | |
| tree | fe9c3f3326dcbeca118dcae3074272947d7699de /package/libssh/libssh.hash | |
| parent | ea5525e116c95310777351415b527a3b26078193 (diff) | |
| download | buildroot-de24e47d90f64f546978b6ec12f769dc4fd89587.tar.gz buildroot-de24e47d90f64f546978b6ec12f769dc4fd89587.zip | |
libssh: security bump to version 0.8.4
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libssh/libssh.hash')
| -rw-r--r-- | package/libssh/libssh.hash | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash index 1810545daa..257b93cb61 100644 --- a/package/libssh/libssh.hash +++ b/package/libssh/libssh.hash @@ -1,5 +1,5 @@ # Locally calculated after checking pgp signature -# https://www.libssh.org/files/0.8/libssh-0.8.3.tar.xz.asc +# https://www.libssh.org/files/0.8/libssh-0.8.4.tar.xz.asc # with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D -sha256 302f31f606f2368cd3ce77d7a69f7464c18eae176e73e59102e0524401bd29d0 libssh-0.8.3.tar.xz +sha256 6bb07713021a8586ba2120b2c36c468dc9ac8096d043f9b1726639aa4275b81b libssh-0.8.4.tar.xz sha256 468cf08f784ef6fd3b3705b60dd8111e2b70fbb8f6549cd503665a6bbb3bc625 COPYING |
