author | Vijay Anusuri <vanusuri@mvista.com> | 2024-07-16 12:54:35 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-07-23 06:05:47 -0700 |
commit | 60df41d7e5e076fb8543acf1054771b844d87c02 (patch) | |
tree | 0f47bd27a3cae204aabff49c418a7c42d1fa4062 /bitbake/lib/bb/codeparser.py | |
parent | fbd068df2185c40db4bb73cf4c1d498d2f0dd03c (diff) | |
download | poky-60df41d7e5e076fb8543acf1054771b844d87c02.tar.gz |
openssh: fix CVE-2024-39894
ssh(1) in OpenSSH versions 9.5p1 to 9.7p1 (inclusive).
Logic error in ObscureKeystrokeTiming option.
A logic error in the implementation of the ssh(1) ObscureKeystrokeTiming option rendered the feature ineffective and additionally exposed limited keystroke timing information when terminal echo was disabled, e.g. while entering passwords to su(8) or sudo(8). This condition could be avoided for affected versions by disabling the feature using ObscureKeystrokeTiming=no.
References:
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-9.8
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/146c420d29d055cc75c8606327a1cf8439fe3a08]
(From OE-Core rev: 644716564d8c223c71be635e2f1794c74ae23d7f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'bitbake/lib/bb/codeparser.py')
0 files changed, 0 insertions, 0 deletions
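A triage sketch for the condition the commit message describes, added here as an example (not code from poky, OE-Core or OpenSSH): it classifies a client from its `ssh -V` banner and the `obscurekeystroketiming` line of `ssh -G` output. The function names and sample inputs are constructed, and the script assumes `ssh -G` lists the option as a lowercase `keyword value` line. A backport such as this one keeps the upstream version string, so an in-range result with the feature on means the build's patch level still has to be confirmed.

```shell
#!/bin/sh
# Added example: triage for CVE-2024-39894. Hypothetical helper names.

# in_affected_range BANNER
# Returns 0 when BANNER (as printed by `ssh -V`) carries an upstream
# version from 9.5p1 to 9.7p1 inclusive, the range named in the advisory.
in_affected_range() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*p[0-9][0-9]*\).*/\1/p')
    case "$ver" in
        9.5p1|9.6p1|9.7p1) return 0 ;;
        *) return 1 ;;
    esac
}

# okt_setting CONFIG_DUMP
# Prints the ObscureKeystrokeTiming value found in `ssh -G` style text
# (assumed format: one "keyword value" pair per line), or "unset".
okt_setting() {
    val=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "obscurekeystroketiming" { print tolower($2); exit }')
    printf '%s\n' "${val:-unset}"
}

# triage BANNER CONFIG_DUMP prints one of:
#   not-in-range  version outside 9.5p1..9.7p1
#   mitigated     in range, feature disabled (the advisory's workaround)
#   check-patch   in range, feature on or left at its default (on):
#                 confirm the build carries the backported fix
triage() {
    if ! in_affected_range "$1"; then
        echo not-in-range
    elif [ "$(okt_setting "$2")" = "no" ]; then
        echo mitigated
    else
        echo check-patch
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER='OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024'
SAMPLE_DUMP='host example.invalid
user builder
obscurekeystroketiming yes'
triage "$SAMPLE_BANNER" "$SAMPLE_DUMP"
# On a live system: triage "$(ssh -V 2>&1)" "$(ssh -G some-host)"
```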