dropbear: 2016.73 -> 2016.74

Security fixes:
- Message printout was vulnerable to format string injection
- dropbearconvert import of OpenSSH keys could run arbitrary code
  as the local dropbearconvert user when parsing malicious key
  files
- dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided
- dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

Fixes:
- Fix port forwarding failure when connecting to domains that have
  both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete

+2 -2
pkgs/tools/networking/dropbear/default.nix
··· 2 2 sftpPath ? "/var/run/current-system/sw/libexec/sftp-server" }: 3 3 4 4 stdenv.mkDerivation rec { 5 - name = "dropbear-2016.73"; 5 + name = "dropbear-2016.74"; 6 6 7 7 src = fetchurl { 8 8 url = "http://matt.ucc.asn.au/dropbear/releases/${name}.tar.bz2"; 9 - sha256 = "1mzg18jss1bsmcnn88zv7kv5yj01hzimndnd5636hfq9kgva8qaw"; 9 + sha256 = "14c8f4gzixf0j9fkx68jgl85q7b05852kk0vf09gi6h0xmafl817"; 10 10 }; 11 11 12 12 dontDisableStatic = enableStatic;
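
Review bot: the unchanged `url = "http://matt.ucc.asn.au/dropbear/releases/${name}.tar.bz2";` line still fetches the release tarball over plain HTTP, so the new `sha256` is the only thing binding this build to the intended 2016.74 source. The fixed-output hash does make a tampered download fail the build, but the diff gives no way to tell how the new hash was obtained; please state in the commit message whether it was checked against the upstream release signature or published checksum, and switch the URL to HTTPS if the upstream host serves it. Since the message lists four security fixes, this bump also looks like a candidate for backporting to the supported stable branches.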