Debian: DSA-3859-1: dropbear security update
Debian Security Advisory DSA-3859-1
https://www.debian.org/security/
Moritz Muehlenhoff
May 19, 2017
https://www.debian.org/security/faq

Package : dropbear
CVE ID  : CVE-2017-9078 CVE-2017-9079

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client:

CVE-2017-9078

    Mark Shepard discovered a double free in the TCP listener cleanup which could result in denial of service by an authenticated user if Dropbear is running with the "-a" option.

CVE-2017-9079

    Jann Horn discovered a local information leak in parsing the .authorized_keys file.

For the stable distribution (jessie), these problems have been fixed in version 2014.65-1+deb8u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your dropbear packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/