projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0c9f4a8) | patch
openssh: bump to 9.9p2
authorJohn Audia <therealgraysky@proton.me>
Tue, 18 Feb 2025 17:57:33 +0000 (12:57 -0500)
committerTianling Shen <cnsztl@gmail.com>
Thu, 20 Feb 2025 08:48:21 +0000 (16:48 +0800)
commit67784bf4d09b507f7a8ad68cd0910bf654a3bec0
tree0dfd4bffb9cb27e89bc78ed575d5eabfd45e7de2tree | snapshot
parent0c9f4a84101c893b77b8d23b3db4cef00ad18c35commit | diff
openssh: bump to 9.9p2

Updated and removed upstreamed patch.

Highlights relating to security:

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Full release notes: https://www.openssh.com/txt/release-9.9p2

Signed-off-by: John Audia <therealgraysky@proton.me>
net/openssh/Makefile diff | blob | history
net/openssh/patches/001-build-construct_utmp-when-USE_BTMP-is-set.patch [deleted file] blob | history
Mirror of packages feed