[Secure-testing-commits] r47223 - data/CVE

Nicholas Luedtke nluedtke-guest at moszumanska.debian.org
Mon Dec 19 17:09:14 UTC 2016 

Author: nluedtke-guest
Date: 2016-12-19 17:09:14 +0000 (Mon, 19 Dec 2016)
New Revision: 47223

Modified:
   data/CVE/list
Log:
Add CVE-2016-100{9-12}/openssh

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-19 14:40:20 UTC (rev 47222)
+++ data/CVE/list	2016-12-19 17:09:14 UTC (rev 47223)
@@ -1,3 +1,28 @@
+CVE-2016-10012 [sshd(8): shared memory manager bounds checks that could be elided by some optimising compilers potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process]
+	- openssh <unfixed>
+	NOTE: Fixed in upstream 7.4
+	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c
+	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h
+	NOTE: https://www.openssh.com/txt/release-7.4
+	TODO: check affected versions
+CVE-2016-10011 [sshd(8): theoretical leak of host private key material to privilege-separated child processes via realloc()]
+	- openssh <unfixed>
+	NOTE: Fixed in upstream 7.4
+	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c
+	NOTE: https://www.openssh.com/txt/release-7.4
+	TODO: check affected versions
+CVE-2016-10010 [sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root']
+	- openssh <unfixed>
+	NOTE: Fixed in upstream 7.4
+	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c
+	NOTE: https://www.openssh.com/txt/release-7.4
+	TODO: check affected versions
+CVE-2016-10009 [ssh-agent(1): load PKCS#11 modules from paths outside a trusted whitelist]
+	- openssh <unfixed>
+	NOTE: Fixed in upstream 7.4
+	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c
+	NOTE: https://www.openssh.com/txt/release-7.4
+	TODO: check affected versions
 CVE-2016-9998 ['plugin' parameter in '/ecrire/exec/info_plugin.php' XSS]
 	- spip <unfixed> (bug #848641)
 	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288

More information about the Secure-testing-commits mailing list