It was reported [1] that the Dropbear SSH server suffered from a use-after-free flaw in how the server managed channels concurrency. A specially-crafted request could trigger a use-after-free condition which could then be used to potentially execute arbitrary code with root privileges, provided that the user has been authenticated using a public key and also that a command restriction is enforced (the "command" option must be used in the authorized_keys file). This has been corrected upstream in version 2012.55 [2] and is reported to affect versions 0.52 through 2011.54.

[1] http://archives.neohapsis.com/archives/fulldisclosure/2012-02/0404.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749
Tracking bugs were filed for:
Fedora-all: bug #800656
EPEL-6: bug #800657
dropbear-0.55-1 has been pushed to all supported versions of Fedora and EPEL: http://koji.fedoraproject.org/koji/packageinfo?packageID=5596
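An exposure check for the preconditions described in the report, added here as an example and not taken from the bug or from Dropbear: it flags authorized_keys entries that carry a "command" option when the installed version falls in the affected range. The function names, the sample file content, and the simplified option splitter are assumptions, as is reading the second dotted component of the version as the release counter.

```python
import re

# Constructed sample authorized_keys content (key blobs are placeholders).
SAMPLE_KEYS = '''# backup account
command="/usr/local/bin/backup --set a, b",no-pty ssh-rsa AAAAB3PLACEHOLDER1 backup@host
ssh-rsa AAAAB3PLACEHOLDER2 admin@host
no-port-forwarding,no-pty ssh-dss AAAAB3PLACEHOLDER3 tunnel@host
'''

KEY_PREFIXES = ("ssh-", "ecdsa-")  # assumption: such a line has no options field

def is_affected(version):
    """True for releases 0.52 through 2011.54 (fixed in 2012.55)."""
    # Assumption: the second dotted component is the release counter
    # (0.52 -> 52, 2011.54 -> 54, 2012.55 and the packaged 0.55 -> 55).
    m = re.match(r"\d+\.(\d+)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    return 52 <= int(m.group(1)) <= 54

def split_options(line):
    """Return the options before the key type, honouring quoted values."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_PREFIXES):
        return []
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]      # keep an escaped character, e.g. \"
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        if not quoted and c in ", \t":
            opts.append(cur)
            cur = ""
            if c != ",":              # unquoted whitespace ends the options
                return opts
        else:
            cur += c
        i += 1
    return opts

def exposed_entries(version, keys_text):
    """Line numbers of forced-command keys, if the version is affected."""
    if not is_affected(version):
        return []
    return [n for n, line in enumerate(keys_text.splitlines(), 1)
            if any(o.lower().startswith("command=") for o in split_options(line))]
```
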