See below found security fixes mentioned in the changelog of openssh 7.0.0 For the fourth one it can be argued that it is only security hardening, not a real vuln. The other ones sound serious enough to deserve a fast security bump. * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world- writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. * sshd(8): Portable OpenSSH only: Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit. * sshd(8): fix circumvention of MaxAuthTries using keyboard- interactive authentication. By specifying a long, repeating keyboard-interactive "devices" string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied. Found by Kingcope.
the 4th one is already tracked in bug 555518
it's in the tree now, but lacks USE=X509 support. upstream is usually pretty fast there so we can wait a little bit (should anyways to let it bake a bit). http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b94b01110ca2fb427c039751c0b43cdc8dfd7bb6
I have added USE=X509 support to the ebuild in the tree (didn't bother with a revbump since it's hard masked at the moment). https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=019ed27f297c44d1a851545975353fc99fe6ab05
FTR, The commit which fixes the issue n°2 is: https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b The commit which fixes the issue n°3 is: https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
Maintainer(s), please advise if you when you are ready for stabilization or call for stabilization yourself.
Ping on call for stabilization.
we already have bug 555518 to track newer stable
This issue was resolved and addressed in GLSA 201512-04 at https://security.gentoo.org/glsa/201512-04 by GLSA coordinator Yury German (BlueKnight).
Re-Opening for Cleanup Maintainer(s), please drop the vulnerable version(s).
Cleanup as part of Bug #571892, setting dependency.
Maintainer(s), Thank you for your work.
