dropbear: 2016.73 -> 2016.74 - nixlib - Alyssa's collection of Nix expressions

diff options

author	Tobias Geerinckx-Rice <me@tobias.gr>	2016-07-23 21:29:40 +0200
committer	Tobias Geerinckx-Rice <me@tobias.gr>	2016-07-23 21:29:51 +0200
commit	7c84bd121a1b6c38092d4f98f29cdadba050b4db (patch)
tree	10b3be92eeea605b1500530659add12d6881cb52 /nixos/modules/installer
parent	90ee01cd3dc029e1d86bc94eb6aa4b5f4b5a0f2e (diff)
download	nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar.gz nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar.bz2 nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar.lz nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar.xz nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.tar.zst nixlib-7c84bd121a1b6c38092d4f98f29cdadba050b4db.zip

dropbear: 2016.73 -> 2016.74

Security fixes:
- Message printout was vulnerable to format string injection
- dropbearconvert import of OpenSSH keys could run arbitrary code
  as the local dropbearconvert user when parsing malicious key
  files
- dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided
- dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

Fixes:
- Fix port forwarding failure when connecting to domains that have
  both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete

Diffstat (limited to 'nixos/modules/installer')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: