[Bug 269538] security/openssh-portable

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269538

            Bug ID: 269538
           Summary: security/openssh-portable
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: mike@sentex.net
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)
          Assignee: bdrewery@FreeBSD.org

Opening a bug report for security/openssh-portable for the vuln database to get
flagged / updated for the 3 sec issues addressed

https://www.openssh.com/releasenotes.html#9.2


 * sshd(8): fix a pre-authentication double-free memory fault
   introduced in OpenSSH 9.1. This is not believed to be exploitable,
   and it occurs in the unprivileged pre-auth process that is
   subject to chroot(2) and is further sandboxed on most major
   platforms.

 * ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option
   would ignore its first argument unless it was one of the special
   keywords "any" or "none", causing the permission list to fail open
   if only one permission was specified. bz3515

 * ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs
   options were enabled, and the system/libc resolver did not check
   that names in DNS responses were valid, then use of these options
   could allow an attacker with control of DNS to include invalid
   characters (possibly including wildcards) in names added to
   known_hosts files when they were updated. These names would still
   have to match the CanonicalizePermittedCNAMEs allow-list, so
   practical exploitation appears unlikely.

-- 
You are receiving this mail because:
You are the assignee for the bug.