Bug#984940: CVE-2021-28041

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#984940: CVE-2021-28041
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 10 Mar 2021 17:57:52 +0100
Message-id: <[🔎] 161539547234.237906.666230999315751909.reportbug@hullmann.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 984940@bugs.debian.org

Source: openssh
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Hi,
The following vulnerability was published for openssh.

CVE-2021-28041[0]:
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant
| in a few less-common scenarios, such as unconstrained agent-socket
| access on a legacy operating system, or the forwarding of an agent to
| an attacker-controlled host.

Buster is not affected. Isolated patch at:
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#984940: CVE-2021-28041
  - From: Colin Watson <cjwatson@debian.org>
- Processed: Bug#984940 marked as pending in openssh
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#984940: marked as done (CVE-2021-28041)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#984876: openssh-server: logs unsightly errors from pam_env due to missing /etc/default/locale
Next by Date: Processed: found 984940 in 1:8.4p1-4
Previous by thread: Bug#984876: openssh-server: logs unsightly errors from pam_env due to missing /etc/default/locale
Next by thread: Bug#984940: CVE-2021-28041
Index(es):
- Date
- Thread