Message-ID: <20160316094336.44ade7ea@redhat.com>
Date: Wed, 16 Mar 2016 09:43:36 +0100
From: Tomas Hoger <thoger@...hat.com>
To: Gsunde Orangen <gsunde.orangen@...il.com>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: Re: Announce: Portable OpenSSH 7.2p2 released

On Fri, 11 Mar 2016 12:34:58 +0100 Gsunde Orangen wrote:

> It should be noted that the new OpenSSH 7.2p2 also includes the fix for
> CVE-2016-1908 as it had been assigned here:
> http://seclists.org/oss-sec/2016/q1/115
> 
> * SECURITY: Eliminate the fallback from untrusted X11-forwarding to
>   trusted forwarding for cases when the X server disables the
>   SECURITY extension. Reported by Thomas Hoger.

7.2p2 includes the fix, but it's not the first version that includes
it.  I see it documented in the 7.2 release:

http://www.openssh.com/txt/release-7.2

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

and patches included in 7.2p1 already.

-- 
Tomas Hoger / Red Hat Product Security
