[OE-core] [PATCH] openssh: Security Advisory - openssh - CVE-2016-10010
Alexander Kanavin
alexander.kanavin at linux.intel.com
Wed Jan 25 12:09:09 UTC 2017
On 01/25/2017 07:19 AM, Li Zhou wrote:
> sshd in OpenSSH before 7.4, when privilege separation is not used,
> creates forwarded Unix-domain sockets as root, which might allow
> local users to gain privileges via unspecified vectors, related to
> serverloop.c.
>
> Porting patch from <https://github.com/openbsd/src/commit/
> c76fac666ea038753294f2ac94d310f8adece9ce> to solve CVE-2016-10010.
> Adapted the patch to solve context issues.
Please update openssh to 7.4 instead, there is no need to backport fixes
to master branch, if the issue can be solved by updating the recipe version.
Alex
More information about the Openembedded-core
mailing list