OpenSSH client bug CVE-2016-0777

OpenSSH client bug CVE-2016-0777

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 284 bytes --]

Hello Matthias,
hello list,

could you please update OpenSSH to the latest version to fix the latest
security bugs:

  http://www.undeadly.org/cgi?action=article&sid=20160114142733

It should not be anything difficult, but should be patched in IPFire
today if we can.

Best,
-Michael

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: OpenSSH client bug CVE-2016-0777

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 442 bytes --]

On 14.01.2016 18:56, Michael Tremer wrote:
> Hello Matthias,

Hi,

> hello list,
>
> could you please update OpenSSH to the latest version to fix the latest
> security bugs:
>
>    http://www.undeadly.org/cgi?action=article&sid=20160114142733
>
> It should not be anything difficult, but should be patched in IPFire
> today if we can.
>
> Best,
> -Michael
>

Work in progress...

But it will take until ~6 or 7pm tomorrow...

Best,
Matthias

Re: OpenSSH client bug CVE-2016-0777

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 168 bytes --]

Hi,

On 14.01.2016 18:56, Michael Tremer wrote:
> could you please update OpenSSH to the latest version to fix the latest
> security bugs...

Done. ;-)

Best,
Matthias

Re: OpenSSH client bug CVE-2016-0777

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 408 bytes --]

On 17.01.2016 20:16, Michael Tremer wrote:
> An update to what? Like binary? Probably not because we want to have a
> defined state of the machines. So when people install Core Update X, we
> should be sure that there is actually the full set of software
> installed and running.

Thats an argument. ACK.

>> > ...
> ...
> P.S. Don't forget to CC the list.

*Hrm*! *Cough*! Of course... ;-)

Best,
Matthias

Re: OpenSSH client bug CVE-2016-0777

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1257 bytes --]

Hi,

On Sun, 2016-01-17 at 11:22 +0100, Matthias Fischer wrote:
> Hi Michael,
> 
> On 14.01.2016 18:56, Michael Tremer wrote:
> > could you please update OpenSSH to the latest version to fix the
> > latest
> > security bugs:
> > 
> >    http://www.undeadly.org/cgi?action=article&sid=20160114142733
> > 
> > It should not be anything difficult, but should be patched in
> > IPFire
> > today if we can.
> 
> Since there was no further feedback on this and because I don't know 
> exactly, when the next update will be ready (or if the patch came too
> late?):

Nah the patch is alright. Also merged.

> Would it make sense, if I offer an update on the list - to those
> which 
> are interested in testing it - the same way as 'dnsmasq 2.75'?

An update to what? Like binary? Probably not because we want to have a
defined state of the machines. So when people install Core Update X, we
should be sure that there is actually the full set of software
installed and running.

> 
> Its running without seen problems here since 15.01.2016 / ~6pm. ;-)
> 
> Package is at the usual place:
> http://people.ipfire.org/~mfischer/openssh-7.1p2-for-ipfire.tar.gz
> MD5: 6b8d0a7abd429014a942bad6371f2cf4
> 
> Best,
> Matthias

-Michael

P.S. Don't forget to CC the list.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]