Sunday, March 30, 2008

Errata 009_ppp & 010_openssh

The OpenBSD team released Errata entries 009_ppp and 010_openssh for OpenBSD 4.2.

Both are SECURITY fixes.

For 009_ppp, the description is:

Buffer overflow in ppp command prompt parsing.

For 010_openssh, the description is:

sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand directive was in effect, allowing users with write access to this file to execute arbitrary commands. This behaviour was documented, but was an unsafe default and an extra hassle for administrators.

I've made binpatches for i386, amd64 and sparc64.
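To check a host that has not yet been patched for the 010_openssh behaviour described above, the following added example (not part of the original post or of OpenBSD) reports every account that has a `~/.ssh/rc` file when the sshd configuration contains an active ForceCommand. The function names and the sample data are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit helper for the 010_openssh issue (ForceCommand vs ~/.ssh/rc).
# Function names and the sample data below are hypothetical, built for this illustration.

# Return 0 if the given sshd_config has an active (uncommented) ForceCommand.
# sshd_config keywords are case-insensitive.
has_forcecommand() {
    grep -Eiq '^[[:space:]]*forcecommand([[:space:]]|=)' "$1"
}

# Print "user:path" for every account in a passwd(5)-format file
# whose home directory contains .ssh/rc.
list_rc_files() {
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        case $user in '#'*|'') continue ;; esac
        if [ -n "$home" ] && [ -f "$home/.ssh/rc" ]; then
            printf '%s:%s\n' "$user" "$home/.ssh/rc"
        fi
    done < "$1"
    return 0
}

# Print rc files that coexist with a ForceCommand setting and return 1,
# or return 0 when there is nothing to review. Conservative: a ForceCommand
# inside any Match block causes every account's rc file to be reported.
audit_rc_bypass() {
    has_forcecommand "$1" || return 0
    findings=$(list_rc_files "$2")
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample data so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/home/alice/.ssh" "$demo/home/bob/.ssh"
: > "$demo/home/alice/.ssh/rc"
printf 'alice:*:1000:1000:Alice:%s:/bin/ksh\nbob:*:1001:1001:Bob:%s:/bin/ksh\n' \
    "$demo/home/alice" "$demo/home/bob" > "$demo/passwd"
printf '#ForceCommand /bin/false\nMatch User alice\n    forcecommand /usr/local/bin/menu\n' \
    > "$demo/sshd_config"

audit_rc_bypass "$demo/sshd_config" "$demo/passwd" || echo "review the rc files listed above"
```

On a real host, pass `/etc/ssh/sshd_config` and `/etc/passwd` to `audit_rc_bypass` instead of the constructed files.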