summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh/CVE-2015-5600.patch
Commit message (Collapse)AuthorAgeFilesLines
* openssh: Backport CVE-2015-5600 fixHaris Okanovic2015-12-081-0/+50
only query each keyboard-interactive device once per authentication request regardless of how many times it is listed Source: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c?f=h#rev1.43 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r2=1.43&r1=1.42&f=u Bug report: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600 https://bugzilla.redhat.com/show_bug.cgi?id=1245969 Testing: Built in Fido and installed to x86_64 test system. Verified both 'keyboard-interactive' and 'publickey' logon works with root and a regular user from an openssh 7.1p1-1 client on Arch. (From OE-Core rev: 433f66ba6c79cf49e29251af0985baf5c4b79e23) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Reviewed-by: Rich Tollerton <rich.tollerton@ni.com> Reviewed-by: Ken Sharp <ken.sharp@ni.com> Natinst-ReviewBoard-ID: 115602 Natinst-CAR-ID: 541263 Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenPOWER on IntegriCloud