subject:"Dropbear 2016.72"

Re: Dropbear 2016.72

2016-03-11 Thread Konstantin Tokarev

10.03.2016, 15:59, "Matt Johnston" : > Hi all, > > Dropbear SSH 2016.72 is released. This has a single change, a > security fix. If X11 forwarding is enabled a user could > bypass any "command=" restrictions in authorized_keys and run > any command as their own user (or perform

Dropbear 2016.72

2016-03-10 Thread Matt Johnston

Hi all, Dropbear SSH 2016.72 is released. This has a single change, a security fix. If X11 forwarding is enabled a user could bypass any "command=" restrictions in authorized_keys and run any command as their own user (or perform other operations allowed by the "xauth" binary such as writing