Date: Mon, 17 Sep 2007 12:06:13 -0800
From: Foresight Linux Essential Announcement Service
	<foresight-security-noreply@...esightlinux.org>
To: foresight-security-announce@...ts.rpath.org
Cc: lwn@....net, security-alerts@...uxsecurity.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk
Subject: FLEA-2007-0055-1 openssh openssh-client
 openssh-server gnome-ssh-askpass

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0055-1
Published: 2007-09-17

Rating: Minor

Updated Versions:
    openssh=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
    openssh-client=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
    openssh-server=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
    gnome-ssh-askpass=/conary.rpath.com@rpl:devel//1//foresight.rpath.org@fl:1-devel//1/4.7p1-0.1.1-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.19-5

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
    https://issues.rpath.com/browse/RPL-1706
    http://www.openssh.com/txt/release-4.7

Description:
    Previous versions of openssh could fall back to a trusted X11 cookie if
    creation of an untrusted cookie failed, allowing a minor privilege
    escalation.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
-----END PGP SIGNATURE-----
