Announce: OpenSSH 7.0 released

Bryan Drewery bdrewery at FreeBSD.org
Sat Aug 22 08:21:27 AEST 2015


On 8/11/2015 5:53 AM, Damien Miller wrote:
>  * sshd(8): Portable OpenSSH only: Fixed a privilege separation
>    weakness related to PAM support. Attackers who could successfully
>    compromise the pre-authentication process for remote code
>    execution and who had valid credentials on the host could
>    impersonate other users.  Reported by Moritz Jodeit.
> 
>  * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
>    related to PAM support that was reachable by attackers who could
>    compromise the pre-authentication process for remote code
>    execution. Also reported by Moritz Jodeit.

Which versions did these first exist in?

-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150821/bf3dcd62/attachment.bin>


More information about the openssh-unix-dev mailing list