From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Bernd Kuhls <bernd@kuhls.net>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/openssh: security bump to version 10.4p1
Date: Mon, 06 Jul 2026 21:42:31 +0200 [thread overview]
Message-ID: <bb1db2eaac2ca62448845d68f3952ee6@free.fr> (raw)
In-Reply-To: <20260706173349.2555859-1-bernd@kuhls.net>
On 06/07/2026 19:33, Bernd Kuhls wrote:
> https://www.openssh.org/releasenotes.html#10.4p1
>
> Changes since OpenSSH 10.3
> ==========================
>
> This release contains a number of security fixes as well as general
> bugfixes and a couple of new features.
>
> Security
> ========
>
> * sftp(1): when downloading files on the command-line using
> "sftp host:/path .", a malicious server could cause the file to
> be downloaded to an unexpected location. This issue was identified
> by the Swival Security Scanner.
>
> * scp(1): when copying files between two remote destinations, do
> not allow a malicious server to write files to the parent
> directory of the intended target directory. This issue was
> identified by the Swival Security Scanner.
>
> * sshd(8): when using the "internal-sftp" SFTP server implementation
> (this is not the default), long command lines were previously
> truncated silently after the 9th argument. If a security-relevant
> option was in the 10th or later position, it would be discarded.
> Reported by Steve Caffrey.
>
> * sshd(8): add a documentation note to mention that the
> GSSAPIStrictAcceptorCheck option is ineffective when the server
> is joined to a Windows Active Directory. Reported by Yarin Aharoni
> of Safebreach.
>
> * sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes
> as it was documented to do. Note that PermitTunnel is not enabled
> by default. Reported independently by Huzaifa Sidhpurwala of
> Redhat and Marko Jevtic.
>
> * sshd(8): avoid a potential pre-authentication denial of service
> when GSSAPIAuthentication was enabled (this feature is off by
> default). This was not mitigated by MaxAuthTries, but would be
> penalised by PerSourcePenalties. This was reported by Manfred
> Kaiser of the milCERT AT (Austrian Ministry of Defence).
>
> * sshd(8): fix a number of cases where the minimum authentication
> delay was not being enforced. Reported by the Orange Cyberdefense
> Vulnerability Team.
>
> * ssh(1): fix a possible client-side use-after-free if the server
> changes its host key during a key reexchange. This was reported by
> Zhenpeng (Leo) Lin of Depthfirst.
> [...]
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2026-07-06 19:42 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-06 17:33 [Buildroot] [PATCH 1/1] package/openssh: security bump to version 10.4p1 Bernd Kuhls
2026-07-06 19:42 ` Julien Olivain via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bb1db2eaac2ca62448845d68f3952ee6@free.fr \
--to=buildroot@buildroot.org \
--cc=bernd@kuhls.net \
--cc=ju.o@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox