mirror of
https://git.yoctoproject.org/poky
synced 2026-03-19 13:49:41 +01:00
60df41d7e5
ssh(1) in OpenSSH versions 9.5p1 to 9.7p1 (inclusive).
Logic error in ObscureKeystrokeTiming option.
A logic error in the implementation of the ssh(1) ObscureKeystrokeTiming option rendered the feature ineffective and additionally exposed limited keystroke timing information when terminal echo was disabled, e.g. while entering passwords to su(8) or sudo(8). This condition could be avoided for affected versions by disabling the feature using ObscureKeystrokeTiming=no.
References:
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-9.8
Upstream-Status: Backport [146c420d29]
(From OE-Core rev: 644716564d8c223c71be635e2f1794c74ae23d7f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>