Possible remote code execution due to a race condition (CVE-2024-6409)

Resolves: RHEL-45741
2024-07-09 16:54:56 +02:00 · 2024-07-09 16:54:56 +02:00 · 2a5b657c60
commit 2a5b657c60
parent 96149ae84f
2 changed files with 17 additions and 1 deletions
--- a/openssh-9.8p1-upstream-cve-2024-6387.patch
+++ b/openssh-9.8p1-upstream-cve-2024-6387.patch
@ -16,3 +16,15 @@ diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
 	_exit(1);
 }
 
+diff -up openssh-8.7p1/sshd.c.xxx openssh-8.7p1/sshd.c
+--- openssh-8.7p1/sshd.c.xxx	2024-07-01 10:33:04.332907749 +0200
+++ openssh-8.7p1/sshd.c	2024-07-01 10:33:47.843998038 +0200
+@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
+ 
+ 	/* Log error and exit. */
+ 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+-		cleanup_exit(255); /* don't log in privsep child */
+		_exit(255); /* don't log in privsep child */
+ 	else {
+ 		sigdie("Timeout before authentication for %s port %d",
+ 		    ssh_remote_ipaddr(the_active_state),
--- a/openssh.spec
+++ b/openssh.spec
@ -47,7 +47,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 42
+%global openssh_rel 43
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5

@ -806,6 +806,10 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Tue Jul 09 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-43
+- Possible remote code execution due to a race condition (CVE-2024-6409)
+  Resolves: RHEL-45741
+
 * Thu Jul 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-42
 - Possible remote code execution due to a race condition (CVE-2024-6387)
  Resolves: RHEL-45348