[openssh-commits] [openssh] branch master updated (10dce8ff -> fcf429a4)
git+noreply at mindrot.org
Wed Nov 11 14:11:17 AEDT 2020
This is an automated email from the git hooks/post-receive script.
dtucker pushed a change to branch master
in repository openssh.
from 10dce8ff upstream: unbreak; missing NULL check
new fcf429a4 Prevent excessively long username going to PAM.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit fcf429a4c69d30d8725612a55b37181594da8ddf
Author: Darren Tucker <dtucker at dtucker.net>
Date: Wed Nov 11 12:30:46 2020 +1100

    Prevent excessively long username going to PAM.

    This is a mitigation for a buffer overflow in Solaris' PAM username
    handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
    implementations. This is not a problem in sshd itself, it only
    prevents sshd from being used as a vector to attack Solaris' PAM.
    It does not prevent the bug in PAM from being exploited via some other
    PAM application.

    Based on github PR#212 from Mike Scott but implemented slightly
    differently. ok tim@ djm@

Summary of changes:
auth-pam.c | 6 ++++++
1 file changed, 6 insertions(+)