dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	c-po
	Apr 1 2024, 1:38 PM

Description

Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (Closes: #1059001)

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Package upgrade

Event Timeline

c-po renamed this task from dropbear: package upgrade 2022.83-1+deb12u1 to dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1.Apr 1 2024, 1:38 PM

c-po changed the task status from Open to In progress.

c-po claimed this task.

c-po created this task.

c-po added a project: VyOS 1.4 Sagitta (1.4.0-epa3).

pasik added a subscriber: pasik.Apr 1 2024, 2:00 PM

https://github.com/vyos/vyos-build/pull/547

c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.Apr 1 2024, 2:11 PM

c-po closed this task as Resolved.Apr 1 2024, 2:38 PM

c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-epa3) board.

dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1Closed, ResolvedPublicFEATURE REQUESTActions

Description

Details

Event Timeline

dropbear: package upgrade 2022.83-1 -> 2022.83-1+deb12u1
Closed, ResolvedPublicFEATURE REQUEST
Actions