Merge pull request 'fix regreSSHion attack CVE-2024-6387' (#1) from jonathan/openssh:a9 into a9
Reviewed-on: #1
This commit is contained in:
commit
79086d6943
30
SOURCES/openssh-8.7p1-CVE-2024-6387.patch
Normal file
30
SOURCES/openssh-8.7p1-CVE-2024-6387.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 0e3e0757b4fba0799f045594ad03cb55fb21560a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jonathan Wright <jonathan@almalinux.org>
|
||||||
|
Date: Mon, 1 Jul 2024 08:41:24 -0500
|
||||||
|
Subject: [PATCH] fix CVE-2024-6387
|
||||||
|
|
||||||
|
---
|
||||||
|
log.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/log.c b/log.c
|
||||||
|
index 42c6f9a..679c527 100644
|
||||||
|
--- a/log.c
|
||||||
|
+++ b/log.c
|
||||||
|
@@ -448,12 +448,14 @@ void
|
||||||
|
sshsigdie(const char *file, const char *func, int line, int showfunc,
|
||||||
|
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||||
|
{
|
||||||
|
+#if 0
|
||||||
|
va_list args;
|
||||||
|
|
||||||
|
va_start(args, fmt);
|
||||||
|
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
|
||||||
|
suffix, fmt, args);
|
||||||
|
va_end(args);
|
||||||
|
+#endif
|
||||||
|
_exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.45.2
|
@ -54,7 +54,7 @@
|
|||||||
Summary: An open source implementation of SSH protocol version 2
|
Summary: An open source implementation of SSH protocol version 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: %{openssh_ver}
|
Version: %{openssh_ver}
|
||||||
Release: %{openssh_rel}%{?dist}
|
Release: %{openssh_rel}%{?dist}.alma.1
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
|
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
|
||||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
@ -289,6 +289,10 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
|
|||||||
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
|
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
|
||||||
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
||||||
|
|
||||||
|
# fix CVE-2024-6387
|
||||||
|
# https://openwall.com/lists/oss-security/2024/07/01/3
|
||||||
|
Patch1020: openssh-8.7p1-CVE-2024-6387.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
|
|
||||||
@ -798,6 +802,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon July 01 2024 Jonathan Wright <jonathan@almalinux.org> - 8.7p1-38.alma.1
|
||||||
|
- Fix regreSSHion attack
|
||||||
|
Resolves: CVE-2024-6387
|
||||||
|
|
||||||
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
|
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
|
||||||
- Fix Terrapin attack
|
- Fix Terrapin attack
|
||||||
Resolves: CVE-2023-48795
|
Resolves: CVE-2023-48795
|
||||||
|
Loading…
Reference in New Issue
Block a user