Lando Siregar
May 23, 2012, 5:59:37 AM5/23/12
to al...@googlegroups.com
please update dropbear
Joao Cardoso
May 23, 2012, 9:42:40 AM5/23/12
to al...@googlegroups.com
On Wednesday, May 23, 2012 10:59:37 AM UTC+1, zero13th wrote:
please update dropbear
You mean, because of:
Security update 2012.55 — releases from 0.52 to 2011.54 are potentially vulnerable to code execution as root by an authenticated user if a
command="..." option is used in
authorized_keys. Release 2012.55 fixes the problem. The update is going to happen for RC3,
Thanks
On Wednesday, May 23, 2012 10:59:37 AM UTC+1, zero13th wrote:
please update dropbear
Lando Siregar
May 24, 2012, 8:13:03 AM5/24/12
to al...@googlegroups.com
yes sir, thank u
--
ZerO13th
--To view this discussion on the web visit https://groups.google.com/d/msg/alt-f/-/wERP4S68we8J.
You received this message because you are subscribed to the Google Groups "Alt-F" group.
To post to this group, send email to al...@googlegroups.com.
To unsubscribe from this group, send email to alt-f+un...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/alt-f?hl=en.
--
ZerO13th
Brandon Hume
May 24, 2012, 8:26:07 AM5/24/12
to al...@googlegroups.com
On 05/23/12 10:42 AM, Joao Cardoso wrote:
>
> *Security update 2012.55* � releases from 0.52 to 2011.54 are
> 2012.55 fixes the problem.
Also, will you be stepping up the version of Samba, to fix CVE-2012-1182
(remote root code execution vulnerability)? 3.5.12 was bundled with
RC2, 3.5.14 seems to be the fixed release.
Isn't tracking third-party software fun? Granted, I'm probably the only
person crazy enough to expose my 323 to the internet, but even that's
behind iptables and IPsec. :)
>
> *Security update 2012.55* � releases from 0.52 to 2011.54 are
> potentially vulnerable to code execution as root by an authenticated
> user if a |command="..."| option is used in |authorized_keys|. Release
> 2012.55 fixes the problem.
Also, will you be stepping up the version of Samba, to fix CVE-2012-1182
(remote root code execution vulnerability)? 3.5.12 was bundled with
RC2, 3.5.14 seems to be the fixed release.
Isn't tracking third-party software fun? Granted, I'm probably the only
person crazy enough to expose my 323 to the internet, but even that's
behind iptables and IPsec. :)
Joao Cardoso (Alt-F)
May 24, 2012, 2:42:40 PM5/24/12
to al...@googlegroups.com
On Thursday 24 May 2012 09:26:07 Brandon Hume wrote:
> On 05/23/12 10:42 AM, Joao Cardoso wrote:
> > *Security update 2012.55* — releases from 0.52 to 2011.54 are
> On 05/23/12 10:42 AM, Joao Cardoso wrote:
> > potentially vulnerable to code execution as root by an authenticated
> > user if a |command="..."| option is used in |authorized_keys|. Release
> > 2012.55 fixes the problem.
>
> Also, will you be stepping up the version of Samba, to fix CVE-2012-1182
> (remote root code execution vulnerability)? 3.5.12 was bundled with
> RC2, 3.5.14 seems to be the fixed release.
It's 3.5.15 (and counting?)
> > user if a |command="..."| option is used in |authorized_keys|. Release
> > 2012.55 fixes the problem.
>
> Also, will you be stepping up the version of Samba, to fix CVE-2012-1182
> (remote root code execution vulnerability)? 3.5.12 was bundled with
> RC2, 3.5.14 seems to be the fixed release.
I'have made the upgrade to both dropbear and samba, and they will be available
for RC3 (that I don't know when it will be!)
I would appreciate related issues to be opened in the code site, where it is
easier to notice. Please use http://code.google.com/p/alt-f/issues/list in the
future.
Thanks
Reply all
Reply to author
Forward
0 new messages