[Bug 233801] FreeBSD 11.x vulnerability in OpenSSH
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Dec 5 14:27:25 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233801
Bug ID: 233801
Summary: FreeBSD 11.x vulnerability in OpenSSH
Product: Base System
Version: 11.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: bugs at FreeBSD.org
Reporter: i.dani at outlook.com
https://nvd.nist.gov/vuln/detail/CVE-2017-15906 - Has not been fixed in FreeBSD
11.x
Is there a special reason for this or was it forgotten?
These are the mentioned lines:
https://svnweb.freebsd.org/base/releng/11.2/crypto/openssh/sftp-server.c?view=markup#l694
A fix is availible (and has been released with v7.6 - so FBSD 12 isn't
vulnerable) - see:
https://github.com/vmware/photon/blob/master/SPECS/openssh/openssh-CVE-2017-15906.patch
or from OpenBSD:
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list