Two vulnerabilities were found in Dropbear, a lightweight SSH2 server and client: CVE-2017-9078 Mark Shepard discovered a double free in the TCP listener cleanup which could result in denial of service by an authenticated user if Dropbear is running with the "-a" option. CVE-2017-9079 Jann Horn discovered a local information leak in parsing the .authorized_keys file.