Summary: | <net-misc/openssh-{7.5_p1-r3,7.6_p1}: sftp-server was incorrectly permitting creation of zero-length files | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/10/03/14 | ||
See Also: | https://github.com/gentoo/gentoo/pull/6206 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | =net-misc/openssh-7.5_p1-r3 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-10-04 06:34:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=713e5d3b63b36aa4cc6e47fb47214142dbc8d23c

commit 713e5d3b63b36aa4cc6e47fb47214142dbc8d23c
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-11-14 22:14:56 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-11-14 22:15:11 +0000

net-misc/openssh: Rev bump to fix CVE-2017-15906

Bug: https://bugs.gentoo.org/633428
Package-Manager: Portage-2.3.13, Repoman-2.3.4

.../files/openssh-7.5_p1-CVE-2017-15906.patch | 31 ++
net-misc/openssh/openssh-7.5_p1-r3.ebuild | 332 +++++++++++++++++++++
2 files changed, 363 insertions(+)

@ Arches, please test and mark stable: =net-misc/openssh-7.5_p1-r3

amd64 stable

x86 stable

ia64 stable

Stable on alpha.

sparc stable (thanks to Rolf Eike Beer)

ppc64 stable

ppc stable

arm stable

hppa stable

Repository is clean.

New GLSA request filed. Gentoo Security Padawan (Jmbailey/mbailey_j)

This issue was resolved and addressed in GLSA 201801-05 at https://security.gentoo.org/glsa/201801-05 by GLSA coordinator Aaron Bauman (b-man).