diff --git a/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch index 754d279..fffd50a 100644 --- a/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch +++ b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch @@ -16,3 +16,15 @@ diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c _exit(1); } +diff -up openssh-8.7p1/sshd.c.xxx openssh-8.7p1/sshd.c +--- openssh-8.7p1/sshd.c.xxx 2024-07-01 10:33:04.332907749 +0200 ++++ openssh-8.7p1/sshd.c 2024-07-01 10:33:47.843998038 +0200 +@@ -384,7 +384,7 @@ grace_alarm_handler(int sig) + + /* Log error and exit. */ + if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0) +- cleanup_exit(255); /* don't log in privsep child */ ++ _exit(255); /* don't log in privsep child */ + else { + sigdie("Timeout before authentication for %s port %d", + ssh_remote_ipaddr(the_active_state), diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 9c467db..b678330 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -54,7 +54,7 @@ Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist}.1 +Release: %{openssh_rel}%{?dist}.4 URL: http://www.openssh.com/portable.html #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -363,7 +363,7 @@ Requires: openssh = %{version}-%{release} %package -n pam_ssh_agent_auth Summary: PAM module for authentication with ssh-agent Version: %{pam_ssh_agent_ver} -Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1 +Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.4 License: BSD %description @@ -800,6 +800,16 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Wed Jul 03 2024 Dmitry Belyavskiy - 8.7p1-38.4 +- rebuilt + +* Wed Jul 03 2024 Dmitry Belyavskiy - 8.7p1-38.3 +- rebuilt + +* Mon Jul 01 2024 Dmitry Belyavskiy - 8.7p1-38.2 +- Possible remote code execution due to a race condition (CVE-2024-6409) + Resolves: RHEL-45740 + * Fri Jun 28 2024 Dmitry Belyavskiy - 8.7p1-38.1 - Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45347