openssh: CVE-2011-4327 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Li Wang <li.wang@windriver.com>	2012-11-27 14:13:21 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2012-11-28 07:38:26 +0000
commit	bdce08215396e5ab99ada5fa0f62c3b002a44582 (patch)
tree	53e773566cc69c3d3150478eaeacd5d6b2b5227a /meta/classes/rootfs_ipk.bbclass
parent	8a4f07d5111feaa3114e039431785d6ad37529b2 (diff)
download	openembedded-core-contrib-bdce08215396e5ab99ada5fa0f62c3b002a44582.tar.gz

openssh: CVE-2011-4327

A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/classes/rootfs_ipk.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: