package/openssh: security bump to version 8.8p1 (29b6114a) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 29b6114a authored Oct 07, 2021 by Fabrice Fontaine Committed by Peter Korsgaard Oct 08, 2021

package/openssh: security bump to version 8.8p1

Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when
certain non-default configurations are used, allows privilege escalation
because supplemental groups are not initialized as expected. Helper
programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may
run with privileges associated with group memberships of the sshd
process, if the configuration specifies running the command as a
different user.

https://www.openssh.com/txt/release-8.8
https://www.openssh.com/txt/release-8.7



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 7af7546f

Hide whitespace changes

Inline Side-by-side

Please register or to comment