Hi Steve,

On Fri, 2020-11-13 at 04:52 -1000, Steve Sakoman wrote:
> From: Alexander Kanavin <alex.kana...@gmail.com>
>
> CVE-2020-14145
>
> The client side in OpenSSH 5.7 through 8.3 has an Observable
> Discrepancy leading to an information leak in the algorithm
> negotiation. This allows man-in-the-middle attackers to target
> initial connection attempts (where no host key for the server
> has been cached by the client).

I am not sure if this CVE should be considered fixed. Please see Section 3.1:

https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf

Also, this isn't a bug fix release and has potentially incompatible changes that may affect existing configurations as per the release notes:

https://www.openssh.com/txt/release-8.4

Thanks,
Anuj