Hi!
Moritz Muehlenhoff [2005-09-01 16:53 +0200]:
> - SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused
> GatewayPorts to be incorrectly activated for dynamic ("-D") port
> forwardings when no listen address was explicitly specified.
CAN-2005-2797
> - SECURITY: sshd in OpenSSH versions prior to 4.2 allows GSSAPI
> credentials to be delegated to users who log in with methods
> other than GSSAPI authentication (e.g. public key) when the
> client requests it. This behaviour has been changed in OpenSSH
> 4.2 to only delegate credentials to users who authenticate
> using the GSSAPI method. This eliminates the risk of credentials
> being inadvertently exposed to an untrusted user/host (though
> users should not activate GSSAPIDelegateCredentials to begin
> with when the remote user or host is untrusted)
CAN-2005-2798
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
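
Added example, not part of the original message or of OpenSSH: a client-side audit for the advice quoted above that GSSAPIDelegateCredentials should not be enabled toward untrusted hosts. It flags ssh_config blocks that turn delegation on for wildcard host patterns or globally. The sample config and host names are constructed, and `Match` and `Include` directives are not handled.

```python
import re
import shlex

# Constructed sample ssh_config, not taken from the original message.
SAMPLE_CONFIG = """\
# global section applies to every host
GSSAPIAuthentication yes

Host kdc-admin.example.org
    GSSAPIDelegateCredentials yes

Host *.lab.example.org build?
    GSSAPIDelegateCredentials=yes

Host legacy.example.org
    gssapidelegatecredentials no

Host *
    GSSAPIDelegateCredentials yes
"""

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
OPTION = re.compile(r"\s*([A-Za-z]+)\s*=?\s*(.*)")


def split_option(line):
    """Split one config line into (lowercased keyword, [arguments])."""
    m = OPTION.match(line)
    if not m:                       # blank line or comment
        return None, []
    return m.group(1).lower(), shlex.split(m.group(2))


def broad_delegation(config_text):
    """Return the wildcard/global pattern lists of blocks that enable delegation."""
    findings = []
    patterns = ["(global)"]         # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        keyword, args = split_option(raw)
        if keyword == "host":
            patterns = args
        elif keyword == "gssapidelegatecredentials" and args and args[0].lower() == "yes":
            # Negated patterns ("!host") only exclude hosts, so they are not counted.
            wide = [p for p in patterns if not p.startswith("!")
                    and (p == "(global)" or any(c in p for c in "*?"))]
            if wide:
                findings.append(wide)
    return findings


if __name__ == "__main__":
    for hit in broad_delegation(SAMPLE_CONFIG):
        print("delegation enabled for broad scope:", " ".join(hit))
```
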