CVE-2015-8325 and certificate regression are fixed upstream
This commit is contained in:
parent
38e1dfa80d
commit
13a7aaf5e3
@ -1,32 +0,0 @@
|
|||||||
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Damien Miller <djm@mindrot.org>
|
|
||||||
Date: Wed, 13 Apr 2016 10:39:57 +1000
|
|
||||||
Subject: ignore PAM environment vars when UseLogin=yes
|
|
||||||
|
|
||||||
If PAM is configured to read user-specified environment variables
|
|
||||||
and UseLogin=yes in sshd_config, then a hostile local user may
|
|
||||||
attack /bin/login via LD_PRELOAD or similar environment variables
|
|
||||||
set via PAM.
|
|
||||||
|
|
||||||
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
|
|
||||||
---
|
|
||||||
session.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/session.c b/session.c
|
|
||||||
index 4859245..4653b09 100644
|
|
||||||
--- a/session.c
|
|
||||||
+++ b/session.c
|
|
||||||
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
|
|
||||||
* Pull in any environment variables that may have
|
|
||||||
* been set by PAM.
|
|
||||||
*/
|
|
||||||
- if (options.use_pam) {
|
|
||||||
+ if (options.use_pam && !options.use_login) {
|
|
||||||
char **p;
|
|
||||||
|
|
||||||
p = fetch_pam_child_environment();
|
|
||||||
--
|
|
||||||
cgit v0.11.2
|
|
||||||
|
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
commit c38905ba391434834da86abfc988a2b8b9b62477
|
|
||||||
Author: djm@openbsd.org <djm@openbsd.org>
|
|
||||||
Date: Mon Mar 14 16:20:54 2016 +0000
|
|
||||||
|
|
||||||
upstream commit
|
|
||||||
|
|
||||||
unbreak authentication using lone certificate keys in
|
|
||||||
ssh-agent: when attempting pubkey auth with a certificate, if no separate
|
|
||||||
private key is found among the keys then try with the certificate key itself.
|
|
||||||
|
|
||||||
bz#2550 reported by Peter Moody
|
|
||||||
|
|
||||||
Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
|
|
||||||
|
|
||||||
diff --git a/sshconnect2.c b/sshconnect2.c
|
|
||||||
index f79c96b..1cf48a2 100644
|
|
||||||
--- a/sshconnect2.c
|
|
||||||
+++ b/sshconnect2.c
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
|
|
||||||
+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
|
|
||||||
/*
|
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
|
||||||
@@ -1112,12 +1112,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
|
|
||||||
"certificate", __func__, id->filename,
|
|
||||||
id->agent_fd != -1 ? " from agent" : "");
|
|
||||||
} else {
|
|
||||||
- /* XXX maybe verbose/error? */
|
|
||||||
- debug("%s: no private key for certificate "
|
|
||||||
+ debug("%s: no separate private key for certificate "
|
|
||||||
"\"%s\"", __func__, id->filename);
|
|
||||||
- free(blob);
|
|
||||||
- buffer_free(&b);
|
|
||||||
- return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -216,10 +216,6 @@ Patch931: openssh-6.9p1-scp-progressmeter.patch
|
|||||||
Patch932: openssh-7.0p1-gssKexAlgorithms.patch
|
Patch932: openssh-7.0p1-gssKexAlgorithms.patch
|
||||||
# Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
|
# Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
|
||||||
Patch933: openssh-7.0p1-show-more-fingerprints.patch
|
Patch933: openssh-7.0p1-show-more-fingerprints.patch
|
||||||
# CVE-2015-8325: ignore PAM environment vars when UseLogin=yes
|
|
||||||
Patch937: openssh-7.2p2-CVE-2015-8325.patch
|
|
||||||
# Regression in certificate based authentication (#1333498)
|
|
||||||
Patch938: openssh-7.2p2-certificats-regress.patch
|
|
||||||
# make s390 use /dev/ crypto devices -- ignore closefrom
|
# make s390 use /dev/ crypto devices -- ignore closefrom
|
||||||
Patch939: openssh-7.2p2-s390-closefrom.patch
|
Patch939: openssh-7.2p2-s390-closefrom.patch
|
||||||
# expose more information to PAM
|
# expose more information to PAM
|
||||||
@ -462,8 +458,6 @@ popd
|
|||||||
%patch931 -p1 -b .progressmeter
|
%patch931 -p1 -b .progressmeter
|
||||||
%patch932 -p1 -b .gsskexalg
|
%patch932 -p1 -b .gsskexalg
|
||||||
%patch933 -p1 -b .fingerprint
|
%patch933 -p1 -b .fingerprint
|
||||||
%patch937 -p1 -b .pam_uselogin_cve
|
|
||||||
%patch938 -p1 -b .certificates
|
|
||||||
%patch939 -p1 -b .s390-dev
|
%patch939 -p1 -b .s390-dev
|
||||||
%patch940 -p1 -b .expose-pam
|
%patch940 -p1 -b .expose-pam
|
||||||
%patch941 -p1 -b .user-enumeration
|
%patch941 -p1 -b .user-enumeration
|
||||||
|
Loading…
Reference in New Issue
Block a user