From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200711-02.xml | 63 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 metadata/glsa/glsa-200711-02.xml (limited to 'metadata/glsa/glsa-200711-02.xml') diff --git a/metadata/glsa/glsa-200711-02.xml b/metadata/glsa/glsa-200711-02.xml new file mode 100644 index 000000000000..708892c06c22 --- /dev/null +++ b/metadata/glsa/glsa-200711-02.xml @@ -0,0 +1,63 @@ + + + + OpenSSH: Security bypass + + A flaw has been discovered in OpenSSH which could allow a local attacker to + bypass security restrictions. + + openssh + 2007-11-01 + 2007-11-01: 01 + 191321 + remote + + + 4.7 + 4.7 + + + +

+ OpenSSH is a complete SSH protocol implementation that includes an SFTP + client and server support. +

+ + +

+ Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it + cannot create an untrusted one. +

+ + +

+ An attacker could bypass the SSH client security policy and gain + privileges by causing an X client to be treated as trusted. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All OpenSSH users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.7" + + + CVE-2007-4752 + + + jaervosz + + + jaervosz + + + p-y + + -- cgit v1.2.3