Description
This update for dropbear fixes four security issues (bnc#990363):
- A format string injection vulnerability allowed remotes attacker to run
arbitrary code as root if specific usernames including "%" symbols could
be created on the target system. If a dbclient user can control
usernames or host arguments, or untrusted input is processed,
potentially arbitrary code could have been executed as the dbclient user
- When importing malicious OpenSSH key files via dropbearconvert,
arbitrary code could have been executed as the local dropbearconvert user
- If particular -m or -c arguments were provided, as used in scripts,
dbclient could have executed arbitrary code
- dbclient or dropbear server could have exposed process memory to the
running user if compiled with DEBUG_TRACE and running with -v