Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Bernd Kuhls <bernd@kuhls.net>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/openssh: security bump to version 10.4p1
Date: Mon, 06 Jul 2026 21:42:31 +0200	[thread overview]
Message-ID: <bb1db2eaac2ca62448845d68f3952ee6@free.fr> (raw)
In-Reply-To: <20260706173349.2555859-1-bernd@kuhls.net>

On 06/07/2026 19:33, Bernd Kuhls wrote:
> https://www.openssh.org/releasenotes.html#10.4p1
> 
> Changes since OpenSSH 10.3
> ==========================
> 
> This release contains a number of security fixes as well as general
> bugfixes and a couple of new features.
> 
> Security
> ========
> 
>  * sftp(1): when downloading files on the command-line using
>    "sftp host:/path .", a malicious server could cause the file to
>    be downloaded to an unexpected location. This issue was identified
>    by the Swival Security Scanner.
> 
>  * scp(1): when copying files between two remote destinations, do
>    not allow a malicious server to write files to the parent
>    directory of the intended target directory.  This issue was
>    identified by the Swival Security Scanner.
> 
>  * sshd(8): when using the "internal-sftp" SFTP server implementation
>    (this is not the default), long command lines were previously
>    truncated silently after the 9th argument. If a security-relevant
>    option was in the 10th or later position, it would be discarded.
>    Reported by Steve Caffrey.
> 
>  * sshd(8): add a documentation note to mention that the
>    GSSAPIStrictAcceptorCheck option is ineffective when the server
>    is joined to a Windows Active Directory. Reported by Yarin Aharoni
>    of Safebreach.
> 
>  * sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes
>    as it was documented to do. Note that PermitTunnel is not enabled
>    by default. Reported independently by Huzaifa Sidhpurwala of
>    Redhat and Marko Jevtic.
> 
>  * sshd(8): avoid a potential pre-authentication denial of service
>    when GSSAPIAuthentication was enabled (this feature is off by
>    default). This was not mitigated by MaxAuthTries, but would be
>    penalised by PerSourcePenalties. This was reported by Manfred
>    Kaiser of the milCERT AT (Austrian Ministry of Defence).
> 
>  * sshd(8): fix a number of cases where the minimum authentication
>    delay was not being enforced. Reported by the Orange Cyberdefense
>    Vulnerability Team.
> 
>  * ssh(1): fix a possible client-side use-after-free if the server
>    changes its host key during a key reexchange. This was reported by
>    Zhenpeng (Leo) Lin of Depthfirst.
> [...]
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

      reply	other threads:[~2026-07-06 19:42 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-06 17:33 [Buildroot] [PATCH 1/1] package/openssh: security bump to version 10.4p1 Bernd Kuhls
2026-07-06 19:42 ` Julien Olivain via buildroot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bb1db2eaac2ca62448845d68f3952ee6@free.fr \
    --to=buildroot@buildroot.org \
    --cc=bernd@kuhls.net \
    --cc=ju.o@free.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox