thr3ads.net - openssh unix dev - Fix for CVE-2014-1692 , CVE-2014-2532 [Mar 2015]

If this information is useful, please help other people find it:
Share via:

abhi dhiman

2015-Mar-17 14:52 UTC

Fix for CVE-2014-1692 , CVE-2014-2532

Hi All,

Actually I am working with the OpenSSH version 6.2p which is vulnerable to
above mentioned vulnerabilities.

So am looking for some help how I can fix these vulnerabilities in my
version. I need to fix it in the OpenSSH code.

Regards
Abhishek

Ángel González

2015-Mar-17 21:55 UTC

head link

Fix for CVE-2014-1692 , CVE-2014-2532

On 17/03/15 15:52, abhi dhiman wrote:> Hi All,
>
> Actually I am working with the OpenSSH version 6.2p which is vulnerable to
> above mentioned vulnerabilities.
>
> So am looking for some help how I can fix these vulnerabilities in my
> version. I need to fix it in the OpenSSH code.
>
> Regards
> AbhishekUnless you specifically enabled the experimental JPAKE support in 
openssh (eg. by adding

-DJPAKE in Makefile.inc) you are not affected by CVE-2014-1692.

In order to avoid CVE-2014-2532, you can apply this change:
https://anongit.mindrot.org/openssh.git/commit/?id=8569eba5d7f7348ce3955eeeb399f66f25c52ece

Regards

openssh unix dev - Mar 2015 - Fix for CVE-2014-1692 , CVE-2014-2532

Fix for CVE-2014-1692 , CVE-2014-2532

Fix for CVE-2014-1692 , CVE-2014-2532