Fix CVE-2026-35385
Fix privilege escalation via scp legacy protocol when not in preserving file mode Resolves: RHEL-164743 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich
parent
00192bdcc5
commit
88a5a3fe2b
15
openssh-9.9p1-scp-clear-setuid.patch
Normal file
15
openssh-9.9p1-scp-clear-setuid.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff --color -ruNp a/scp.c b/scp.c
|
||||
--- a/scp.c 2026-04-07 15:54:11.193730842 +0200
|
||||
+++ b/scp.c 2026-04-07 15:55:52.529425481 +0200
|
||||
@@ -1705,8 +1705,10 @@ sink(int argc, char **argv, const char *
|
||||
|
||||
setimes = targisdir = 0;
|
||||
mask = umask(0);
|
||||
- if (!pflag)
|
||||
+ if (!pflag) {
|
||||
+ mask |= 07000;
|
||||
(void) umask(mask);
|
||||
+ }
|
||||
if (argc != 1) {
|
||||
run_err("ambiguous target");
|
||||
exit(1);
|
||||
10
openssh.spec
10
openssh.spec
@ -66,7 +66,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.0p1
|
||||
%global openssh_rel 28
|
||||
%global openssh_rel 29
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 7
|
||||
|
||||
@ -300,6 +300,8 @@ Patch1022: openssh-8.0p1-CVE-2025-26465.patch
|
||||
Patch1023: openssh-8.0p1-reject-cntrl-chars-in-username.patch
|
||||
# upstream 43b3bff47bb029f2299bacb6a36057981b39fdb0
|
||||
Patch1024: openssh-8.7p1-reject-null-char-in-url-string.patch
|
||||
# upstream 487e8ac146f7d6616f65c125d5edb210519b833a
|
||||
Patch1025: openssh-9.9p1-scp-clear-setuid.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
@ -551,6 +553,7 @@ popd
|
||||
%patch1022 -p2 -b .cve-2025-26465
|
||||
%patch1023 -p1 -b .reject-cntrl-chars-in-username
|
||||
%patch1024 -p1 -b .reject-null-char-in-url-string
|
||||
%patch1025 -p1 -b .scp-clear-setuid
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
@ -836,6 +839,11 @@ getent passwd sshd >/dev/null || \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Apr 13 2026 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-29
|
||||
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
|
||||
when not in preserving file mode
|
||||
Resolves: RHEL-164743
|
||||
|
||||
* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-28
|
||||
- CVE-2026-3497: Fix information disclosure or denial of service due
|
||||
to uninitialized variables in gssapi-keyex
|
||||
|
||||
Loading…
Reference in New Issue
Block a user