[3.4] dropbear: 2016.74 security updateID: oval:org.secpod.oval:def:1800903 | Date: (C)2018-03-29 (M)2021-11-09 |
Class: PATCH | Family: unix |
This includes fixes for multiple security issues. - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v - Fix port forwarding failure when connecting to domains that have both IPv4 and IPv6 addresses. The bug was introduced in 2015.68 - Fix 100% CPU use while waiting for rekey to complete.
Platform: |
Alpine Linux 3.4 |