cesanta / docker_auth

Authentication server for Docker Registry 2
Apache License 2.0
1.28k stars 305 forks source link

security: fix CVE-2023-48795 #382

Closed mikecook closed 9 months ago

mikecook commented 9 months ago

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.

Additionally, match go module version to oldest testing go version.

Commands run:

See:

mikecook commented 9 months ago

@techknowlogick got another one for you

techknowlogick commented 9 months ago

@mikecook much appreciated:)