diff options
| author | Baruch Siach <baruch@tkos.co.il> | 2018-10-16 15:31:08 +0300 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-10-16 14:45:15 +0200 |
| commit | de24e47d90f64f546978b6ec12f769dc4fd89587 (patch) | |
| tree | fe9c3f3326dcbeca118dcae3074272947d7699de /package/libssh/libssh.mk | |
| parent | ea5525e116c95310777351415b527a3b26078193 (diff) | |
| download | buildroot-de24e47d90f64f546978b6ec12f769dc4fd89587.tar.gz buildroot-de24e47d90f64f546978b6ec12f769dc4fd89587.zip | |
libssh: security bump to version 0.8.4
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libssh/libssh.mk')
| -rw-r--r-- | package/libssh/libssh.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk index 42dcdc48e0..1ef09b3a21 100644 --- a/package/libssh/libssh.mk +++ b/package/libssh/libssh.mk @@ -5,7 +5,7 @@ ################################################################################ LIBSSH_VERSION_MAJOR = 0.8 -LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3 +LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4 LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR) LIBSSH_LICENSE = LGPL-2.1 |
