diff --git a/SOURCES/openssh-8.7p1-CVE-2024-6387.patch b/SOURCES/openssh-8.7p1-CVE-2024-6387.patch new file mode 100644 index 0000000..d2de7eb --- /dev/null +++ b/SOURCES/openssh-8.7p1-CVE-2024-6387.patch @@ -0,0 +1,30 @@ +From 0e3e0757b4fba0799f045594ad03cb55fb21560a Mon Sep 17 00:00:00 2001 +From: Jonathan Wright +Date: Mon, 1 Jul 2024 08:41:24 -0500 +Subject: [PATCH] fix CVE-2024-6387 + +--- + log.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/log.c b/log.c +index 42c6f9a..679c527 100644 +--- a/log.c ++++ b/log.c +@@ -448,12 +448,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + +-- +2.45.2 diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 8a7a38e..badc03d 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -54,7 +54,7 @@ Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist} +Release: %{openssh_rel}%{?dist}.alma.1 URL: http://www.openssh.com/portable.html #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -289,6 +289,10 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a Patch1019: openssh-9.6p1-CVE-2023-51385.patch +# fix CVE-2024-6387 +# https://openwall.com/lists/oss-security/2024/07/01/3 +Patch1020: openssh-8.7p1-CVE-2024-6387.patch + License: BSD Requires: /sbin/nologin @@ -798,6 +802,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Mon July 01 2024 Jonathan Wright - 8.7p1-38.alma.1 +- Fix regreSSHion attack + Resolves: CVE-2024-6387 + * Fri Jan 05 2024 Dmitry Belyavskiy - 8.7p1-38 - Fix Terrapin attack Resolves: CVE-2023-48795