Dropbear 2012.55 security release
Matt Johnston
matt at ucc.asn.au
Fri Feb 24 20:22:27 WST 2012
Hi all,
Dropbear 2012.55 is now released, available as usual at
https://matt.ucc.asn.au/dropbear/dropbear.html
This fixes a security bug that could potentially allow
arbitrary code execution as root to a user authenticating
using an authorized_keys file with a command="..."
restriction.
Cheers,
Matt
2012.55 - Wednesday 22 February 2012
- Security: Fix use-after-free bug that could be triggered if command="..."
authorized_keys restrictions are used. Could allow arbitrary code execution
or bypass of the command="..." restriction to an authenticated user.
This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
Thanks to Danny Fullerton of Mantor Organization for reporting
the bug.
- Compile fix, only apply IPV6 socket options if they are available in headers
Thanks to Gustavo Zacarias for the patch
- Overwrite session key memory on exit
- Fix minor memory leak in unusual PAM authentication configurations.
Thanks to Stathis Voukelatos
- Other small code cleanups
More information about the Dropbear
mailing list