Dropbear 2016.72
Konstantin Tokarev
annulen at yandex.ru
Sat Mar 12 03:45:45 AWST 2016
10.03.2016, 15:59, "Matt Johnston" <matt at ucc.asn.au>:
> Hi all,
>
> Dropbear SSH 2016.72 is released. This has a single change, a
> security fix. If X11 forwarding is enabled a user could
> bypass any "command=" restrictions in authorized_keys and run
> any command as their own user (or perform other operations
> allowed by the "xauth" binary such as writing files). It
> does not affect systems where command= restrictions are not
> used.
>
> As usual downloads are at https://matt.ucc.asn.au/dropbear/dropbear.html
>
> The patch is https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff
Hi Matt,
Are you planning to make a release from master?
Thanks!
--
Regards,
Konstantin
More information about the Dropbear
mailing list