[openssh-commits] [openssh] branch master updated (10dce8ff -> fcf429a4)

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Nov 11 14:11:17 AEDT 2020


This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

      from  10dce8ff  upstream: unbreak; missing NULL check
       new  fcf429a4  Prevent excessively long username going to PAM.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit fcf429a4c69d30d8725612a55b37181594da8ddf
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Wed Nov 11 12:30:46 2020 +1100

    Prevent excessively long username going to PAM.
    
    This is a mitigation for a buffer overflow in Solaris' PAM username
    handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
    implementations.  This is not a problem in sshd itself, it only
    prevents sshd from being used as a vector to attack Solaris' PAM.
    It does not prevent the bug in PAM from being exploited via some other
    PAM application.
    
    Based on github PR#212 from Mike Scott but implemented slightly
    differently.  ok tim@ djm@

Summary of changes:
 auth-pam.c | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
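
The mitigation described in the commit message above, as an added sketch that is not the code from this commit or from OpenSSH: the caller checks the login name's length, on the affected platform only, before the PAM library ever sees it. The EXAMPLE_* macros, the 512-byte cap, and fake_pam_start are assumptions made for this example; the page does not state the limit or the build flag sshd uses.

```c
#include <stddef.h>
#include <string.h>

/* Both values are assumptions for this example; the page gives neither. */
#define EXAMPLE_SUN_DERIVED_PAM 1	/* hypothetical build-time platform flag */
#define EXAMPLE_PAM_USER_MAX 512	/* hypothetical cap on the login name */

enum user_check { USER_OK, USER_MISSING, USER_UNTERMINATED, USER_TOO_LONG };

/* Stand-in for the platform PAM entry point; counts how often it is reached. */
typedef int (*pam_start_fn)(const char *user);
static int pam_calls;
static int fake_pam_start(const char *user) { (void)user; pam_calls++; return 0; }

/* Classify the raw name field without ever reading past buflen bytes. */
enum user_check check_pam_username(const char *buf, size_t buflen, size_t max)
{
	const char *nul;

	if (buf == NULL || buflen == 0 || buf[0] == '\0')
		return USER_MISSING;
	nul = memchr(buf, '\0', buflen);	/* bounded, unlike strlen() */
	if (nul == NULL)
		return USER_UNTERMINATED;
	if ((size_t)(nul - buf) >= max)
		return USER_TOO_LONG;
	return USER_OK;
}

/* Returns -1 and leaves PAM untouched when the name fails the check. */
int guarded_pam_start(pam_start_fn start, const char *buf, size_t buflen)
{
#if EXAMPLE_SUN_DERIVED_PAM
	if (check_pam_username(buf, buflen, EXAMPLE_PAM_USER_MAX) != USER_OK)
		return -1;	/* caller logs the peer and ends the session */
#endif
	return start(buf);
}

int main(void)
{
	char longname[1024];	/* constructed oversized login name */

	memset(longname, 'a', sizeof(longname) - 1);
	longname[sizeof(longname) - 1] = '\0';
	guarded_pam_start(fake_pam_start, "alice", sizeof("alice"));
	guarded_pam_start(fake_pam_start, longname, sizeof(longname));
	return pam_calls == 1 ? 0 : 1;	/* only the short name reached PAM */
}
```

As the commit message says, a guard like this only closes one path: any other PAM application on the same host still reaches the library without it.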

