From 896c6533b3e8e8a232241ccfbe14a5868595b722 Mon Sep 17 00:00:00 2001 From: Jonathan Wright Date: Mon, 1 Jul 2024 08:50:53 -0500 Subject: [PATCH] fix CVE-2024-6387 --- SOURCES/openssh-8.7p1-CVE-2024-6387.patch | 30 +++++++++++++++++++++++ SPECS/openssh.spec | 9 ++++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 SOURCES/openssh-8.7p1-CVE-2024-6387.patch diff --git a/SOURCES/openssh-8.7p1-CVE-2024-6387.patch b/SOURCES/openssh-8.7p1-CVE-2024-6387.patch new file mode 100644 index 0000000..c91bed4 --- /dev/null +++ b/SOURCES/openssh-8.7p1-CVE-2024-6387.patch @@ -0,0 +1,30 @@ +From 0e3e0757b4fba0799f045594ad03cb55fb21560a Mon Sep 17 00:00:00 2001 +From: Jonathan Wright +Date: Mon, 1 Jul 2024 08:41:24 -0500 +Subject: [PATCH] fix CVE-2024-2387 + +--- + log.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/log.c b/log.c +index 42c6f9a..679c527 100644 +--- a/log.c ++++ b/log.c +@@ -448,12 +448,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + +-- +2.45.2 diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 8a7a38e..600ee91 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -54,7 +54,7 @@ Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist} +Release: %{openssh_rel}%{?dist}.alma.1 URL: http://www.openssh.com/portable.html #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -289,6 +289,10 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a Patch1019: openssh-9.6p1-CVE-2023-51385.patch +# fix CVE-2024-6387 +# https://openwall.com/lists/oss-security/2024/07/01/3 +Patch1020: openssh-8.7p1-CVE-2024-6387.patch + License: BSD Requires: /sbin/nologin @@ -798,6 +802,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Mon July 01 2024 Jonathan Wright - 8.7p1-38.alma.1 +- Fix CVE-2024-6387 + * Fri Jan 05 2024 Dmitry Belyavskiy - 8.7p1-38 - Fix Terrapin attack Resolves: CVE-2023-48795