generic-poky

History

Li Wang b629d94030 openssh: CVE-2011-4327 A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] (From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2012-11-28 07:41:26 +00:00
..
openssh-6.0p1	openssh: CVE-2011-4327	2012-11-28 07:41:26 +00:00
openssh_6.0p1.bb	openssh: CVE-2011-4327	2012-11-28 07:41:26 +00:00

Li Wang b629d94030 openssh: CVE-2011-4327

A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

[YOCTO #3493]

(From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2012-11-28 07:41:26 +00:00

openssh-6.0p1

openssh: CVE-2011-4327

2012-11-28 07:41:26 +00:00

openssh_6.0p1.bb

openssh: CVE-2011-4327

2012-11-28 07:41:26 +00:00