mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-01-05 00:32:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
aports/main/openssh/CVE-2015-6565.patch
Natanael Copa 26c30cf5be main/openssh: security fixes from upstream 
ref #4578

CVE-2015-6563:
  sshd(8): Portable OpenSSH only: Fixed a privilege separation
  weakness related to PAM support. Attackers who could successfully
  compromise the pre-authentication process for remote code
  execution and who had valid credentials on the host could
  impersonate other users.  Reported by Moritz Jodeit.

CVE-2015-6564:
  sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to
  PAM support that was reachable by attackers who could compromise the
  pre-authentication process for remote code execution. Also reported by
  Moritz Jodeit.

CVE-2015-6565:
  sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
  writable. Local attackers may be able to write arbitrary messages
  to logged-in users, including terminal escape sequences.
  Reported by Nikolay Edigaryev.
2015-08-26 11:28:34 +02:00

36 lines
1.0 KiB
Diff
Raw Blame History

From 6f941396b6835ad18018845f515b0c4fe20be21a Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 30 Jul 2015 23:09:15 +0000
Subject: upstream commit
fix pty permissions; patch from Nikolay Edigaryev; ok
deraadt
Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
---
sshpty.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sshpty.c b/sshpty.c
index 7bb7641..15da8c6 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */
+/* $OpenBSD: sshpty.c,v 1.30 2015/07/30 23:09:15 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -197,7 +197,7 @@ pty_setowner(struct passwd *pw, const char *tty)
/* Determine the group to make the owner of the tty. */
grp = getgrnam("tty");
gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
- mode = (grp != NULL) ? 0622 : 0600;
+ mode = (grp != NULL) ? 0620 : 0600;
/*
* Change owner and mode of the tty as required.
--
cgit v0.11.2
Reference in New Issue View Git Blame Copy Permalink