From 2a5b657c6099dd1b7d3beefe1f120c0e4df388d3 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Tue, 9 Jul 2024 16:54:56 +0200 Subject: [PATCH] Possible remote code execution due to a race condition (CVE-2024-6409) Resolves: RHEL-45741 --- openssh-9.8p1-upstream-cve-2024-6387.patch | 12 ++++++++++++ openssh.spec | 6 +++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/openssh-9.8p1-upstream-cve-2024-6387.patch b/openssh-9.8p1-upstream-cve-2024-6387.patch index 754d279..fffd50a 100644 --- a/openssh-9.8p1-upstream-cve-2024-6387.patch +++ b/openssh-9.8p1-upstream-cve-2024-6387.patch @@ -16,3 +16,15 @@ diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c _exit(1); } +diff -up openssh-8.7p1/sshd.c.xxx openssh-8.7p1/sshd.c +--- openssh-8.7p1/sshd.c.xxx 2024-07-01 10:33:04.332907749 +0200 ++++ openssh-8.7p1/sshd.c 2024-07-01 10:33:47.843998038 +0200 +@@ -384,7 +384,7 @@ grace_alarm_handler(int sig) + + /* Log error and exit. */ + if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0) +- cleanup_exit(255); /* don't log in privsep child */ ++ _exit(255); /* don't log in privsep child */ + else { + sigdie("Timeout before authentication for %s port %d", + ssh_remote_ipaddr(the_active_state), diff --git a/openssh.spec b/openssh.spec index 714286a..e69e53a 100644 --- a/openssh.spec +++ b/openssh.spec @@ -47,7 +47,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.7p1 -%global openssh_rel 42 +%global openssh_rel 43 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 5 @@ -806,6 +806,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Tue Jul 09 2024 Dmitry Belyavskiy - 8.7p1-43 +- Possible remote code execution due to a race condition (CVE-2024-6409) + Resolves: RHEL-45741 + * Thu Jul 04 2024 Dmitry Belyavskiy - 8.7p1-42 - Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45348