Dropbear security update
Marcin Juszkiewicz December 21st, 2005
Few days ago Dropbear author released 0.47 version and security fix for older versions. Today I added fixed dropbear 0.45-r2 into ‘upgrades’ feed on our main mirror.
Upgrade is recommended.
Upstream note:
This release also fixes a potential security issue, which may allow authenticated users to run arbitrary code as the server user. I’m unsure exactly how likely it is to be exploitable, but anyone who’s running a multi-user server is advised to upgrade.
Where’s the update for the RC?
It has a newer version (but less than 0.47), so it can’t upgrade, but I assume it’s still vulnerable.
There won’t be updates for 3.5.4-rc1