[Bug 210175] Re: [openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections
Colin Watson
cjwatson at canonical.com
Tue Apr 1 14:11:23 BST 2008
We already fixed this in Hardy:

openssh (1:4.7p1-5) unstable; urgency=low

  * Recommends: xauth rather than Suggests: xbase-clients.
  * Document in ssh(1) that '-S none' disables connection sharing
    (closes: #471437).
  * Patch from Red Hat / Fedora:
    - SECURITY: Don't use X11 forwarding port which can't be bound on all
      address families, preventing hijacking of X11 forwarding by
      unprivileged users when both IPv4 and IPv6 are configured (closes:
      #463011).
  * Use printf rather than echo -en (a bashism) in openssh-server.config and
    openssh-server.preinst.
  * debconf template translations:
    - Update Finnish (thanks, Esko Arajärvi; closes: #468563).

 -- Colin Watson <cjwatson at debian.org>  Sat, 22 Mar 2008 12:37:00 +0000

The bug is still open in dapper through gutsy, though.
** Changed in: openssh (Ubuntu)
Status: New => Fix Released
--
[openssh] [CVE-2008-1483] allows local users to hijack forwarded X connections
https://bugs.launchpad.net/bugs/210175
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
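
The SECURITY changelog item above rejects an X11 forwarding port unless it can be bound on all address families. The following is an added example of that all-or-nothing bind, not code from OpenSSH or from the Red Hat / Fedora patch; the function names `bind_all_families` and `occupy_ipv4` and the occupied-port scenario are constructed for illustration.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind `port` on the wildcard address of every address family offered.
 * Returns the socket count, or 0 with everything closed if any bind fails. */
int bind_all_families(int port, int *fds, int max) {
    struct addrinfo *res, *ai, hints = { .ai_flags = AI_PASSIVE,
        .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM };
    char serv[12];
    int n = 0, on = 1;
    snprintf(serv, sizeof serv, "%d", port);
    if (getaddrinfo(NULL, serv, &hints, &res) != 0) return 0;
    for (ai = res; ai != NULL && n < max; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0) continue;               /* family unsupported by kernel */
        if (ai->ai_family == AF_INET6)     /* keep the v6 socket off IPv4 */
            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
        if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0) {
            close(s);                      /* one family failed: */
            while (n > 0) close(fds[--n]); /* release the others too */
            break;                         /* caller moves to the next port */
        }
        fds[n++] = s;
    }
    freeaddrinfo(res);
    return n;
}

/* Constructed scenario: something else already holds a port on IPv4 only. */
int occupy_ipv4(int *port) {
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: any free */
    socklen_t len = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    getsockname(s, (struct sockaddr *)&a, &len);
    *port = ntohs(a.sin_port);
    return s;
}

int main(void) {
    int fds[4], port = 0, held = occupy_ipv4(&port);
    printf("IPv4 side held: %d bound\n", bind_all_families(port, fds, 4));
    close(held);
    printf("after release: %d bound\n", bind_all_families(port, fds, 4));
    return 0;
}
```

A return value of 0 tells the caller to skip this port and try the next one, so no listener is ever left covering only one of the configured address families.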