Hi! Moritz Muehlenhoff [2005-09-01 16:53 +0200]: > - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused > GatewayPorts to be incorrectly activated for dynamic ("-D") port > forwardings when no listen address was explicitly specified. CAN-2005-2797 > - SECURITY: sshd in OpenSSH versions prior to 4.2 allow GSSAPI > credentials to be delegated to users who log in with methods > other than GSSAPI authentication (e.g. public key) when the > client requests it. This behaviour has been changed in OpenSSH > 4.2 to only delegate credentials to users who authenticate > using the GSSAPI method. This eliminates the risk of credentials > being inadvertently exposed to an untrusted user/host (though > users should not activate GSSAPIDelegateCredentials to begin > with when the remote user or host is untrusted) CAN-2005-2798 Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org
Attachment:
signature.asc
Description: Digital signature