From 96149ae84f263ab1a143515c58f2567b23c2843d Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Thu, 4 Jul 2024 09:38:45 +0200 Subject: [PATCH] Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45348 --- openssh-9.8p1-upstream-cve-2024-6387.patch | 18 ++++++++++++++++++ openssh.spec | 8 +++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 openssh-9.8p1-upstream-cve-2024-6387.patch diff --git a/openssh-9.8p1-upstream-cve-2024-6387.patch b/openssh-9.8p1-upstream-cve-2024-6387.patch new file mode 100644 index 0000000..754d279 --- /dev/null +++ b/openssh-9.8p1-upstream-cve-2024-6387.patch @@ -0,0 +1,18 @@ +diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c +--- openssh-8.7p1/log.c.xxx 2024-06-28 11:02:43.949912398 +0200 ++++ openssh-8.7p1/log.c 2024-06-28 11:02:58.652297885 +0200 +@@ -455,12 +455,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff --git a/openssh.spec b/openssh.spec index bb29732..714286a 100644 --- a/openssh.spec +++ b/openssh.spec @@ -47,7 +47,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.7p1 -%global openssh_rel 41 +%global openssh_rel 42 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 5 @@ -292,6 +292,7 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch Patch1019: openssh-9.6p1-CVE-2023-51385.patch #upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c Patch1020: openssh-8.7p1-sigpipe.patch +Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch License: BSD Requires: /sbin/nologin @@ -517,6 +518,7 @@ popd %patch1018 -p1 -b .cve-2023-48795 %patch1019 -p1 -b .cve-2023-51385 %patch1020 -p1 -b .earlypipe +%patch1021 -p1 -b .cve-2024-6387 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -804,6 +806,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Thu Jul 04 2024 Dmitry Belyavskiy - 8.7p1-42 +- Possible remote code execution due to a race condition (CVE-2024-6387) + Resolves: RHEL-45348 + * Mon Jun 03 2024 Dmitry Belyavskiy - 8.7p1-41 - Fix ssh multiplexing connect timeout processing Resolves: RHEL-37748