Bug#984940: CVE-2021-28041
Source: openssh
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for openssh.
CVE-2021-28041[0]:
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant
| in a few less-common scenarios, such as unconstrained agent-socket
| access on a legacy operating system, or the forwarding of an agent to
| an attacker-controlled host.
Buster is not affected. Isolated patch at:
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
Cheers,
Moritz