document security issue · MidnightBSD/src@61f9e2e

Commit

document security issue

laffer1 committed Jul 1, 2024

1 parent 00adcc7 commit 61f9e2e

UPDATING

-Original file line number
+Diff line change
@@ -1,5 +1,17 @@
     Updating Information for MidnightBSD users.
+    20240701:
+    	OpenSSH security vulnerability
+    	A signal handler in sshd(8) calls a function that is not async-signal-safe.
+    	The signal handler is invoked when a client does not authenticate within the
+    	LoginGraceTime seconds (120 by default).  This signal handler executes in the
+    	context of the sshd(8)'s privileged code, which is not sandboxed and runs
+    	with full root privileges.
+    	This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd
+    	and accidentally reintroduced in OpenSSH 8.5p1.
     20240519:
     	Stable branch 3.2 created.  Continuing development of current
@@ Expand Down @@

Please sign in to comment.