openwrtv4/package/network/services
Kevin Darbyshire-Bryant 6e10fc74fd dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user.  Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c

- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink.  Dropbear parsed authorized_keys as root, even if it were a
symlink.  The fix is to switch to user permissions when opening
authorized_keys

A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123

Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-21 23:56:17 +02:00
..
authsae treewide: clean up and unify PKG_VERSION for git based downloads 2016-12-22 16:42:21 +01:00
dnsmasq dnsmasq: add IPv6 nameserver configuration in server mode 2017-05-16 22:27:02 +02:00
dropbear dropbear: bump to 2017.75 2017-05-21 23:56:17 +02:00
ead network/services/ead: drop Build/Prepare rule in favor of default one 2016-10-15 11:36:52 +02:00
hostapd mac80211, hostapd: always explicitly set beacon interval 2017-05-13 17:12:54 +02:00
igmpproxy treewide: clean up download hashes 2016-12-16 22:39:22 +01:00
ipset-dns treewide: clean up and unify PKG_VERSION for git based downloads 2016-12-22 16:42:21 +01:00
lldpd lldpd: drop specific respawn params [use system-wide] 2017-05-18 08:14:26 +02:00
odhcpd odhcpd: update to git HEAD version 2017-05-15 22:30:39 +02:00
omcproxy omcproxy: Update to latest HEAD 2017-03-01 17:19:51 -08:00
openvpn openvpn: update to v2.4.2 2017-05-12 11:54:48 +02:00
openvpn-easy-rsa treewide: clean up and unify PKG_VERSION for git based downloads 2016-12-22 16:42:21 +01:00
ppp ppp: propagate master peerdns setting to dynamic slave interface 2017-03-07 11:26:39 +01:00
relayd relayd: fix making incomplete instance json data 2017-02-25 20:16:59 +08:00
samba36 ccache, samba36: fix samba.org addresses to use https 2017-02-02 00:14:03 +01:00
uhttpd uhttpd: Enable integrated Lua by default 2017-05-16 16:57:01 +02:00
umdns umdns: update to the version 2017-03-21 2017-03-21 23:14:55 +01:00