review.tizen.org Git - scm/bb/tizen-distro.git/commit

author	Li Wang <li.wang@windriver.com>
	Tue, 27 Nov 2012 06:13:21 +0000 (14:13 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Wed, 28 Nov 2012 07:41:26 +0000 (07:41 +0000)
commit	f3c8cb03306333c94cd74045c2689888f8358a25
tree	56210d84c71e21264dd84f89de7c447b1cc119c7	tree \| snapshot
parent	3e8b6860c2b2cc7151342e1412fd671add269726	commit \| diff

openssh: CVE-2011-4327

A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

[YOCTO #3493]

(From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssh/openssh_6.0p1.bb		diff \| blob \| history