[openssh-commits] [openssh] branch master updated (5f41f03 -> 3b54a8f)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Apr 13 10:44:26 AEST 2016

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  5f41f03   Remove NO_IPPORT_RESERVED_CONCEPT
       new  dce19bf   upstream commit
       new  3b54a8f   ignore PAM environment vars when UseLogin=yes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit 3b54a8fe53711c494286c073bc033f98edeaddc4
Author: Damien Miller <djm at mindrot.org>
Date:   Wed Apr 13 10:39:57 2016 +1000

    ignore PAM environment vars when UseLogin=yes
    If PAM is configured to read user-specified environment variables
    and UseLogin=yes in sshd_config, then a hostile local user may
    attack /bin/login via LD_PRELOAD or similar environment variables
    set via PAM.
    CVE-2015-8325, found by Shayan S, via Colin Watson

commit dce19bf6e4a2a3d0b13a81224de63fc316461ab9
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sat Apr 9 12:39:30 2016 +0000

    upstream commit
    make private key loading functions consistently handle NULL
     key pointer arguments; ok markus@
    Upstream-ID: 92038726ef4a338169c35dacc9c5a07fcc7fa761

Summary of changes:
 authfile.c | 34 ++++++++++++++++++++++------------
 session.c  |  2 +-
 sshkey.c   | 40 ++++++++++++++++++++++++----------------
 3 files changed, 47 insertions(+), 29 deletions(-)

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list