Possible remote code execution due to a race condition (CVE-2024-6387)

Resolves: RHEL-45348

openssh-9.8p1-upstream-cve-2024-6387.patch

@@ -0,0 +1,18 @@
+diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
+--- openssh-8.7p1/log.c.xxx	2024-06-28 11:02:43.949912398 +0200
++++ openssh-8.7p1/log.c	2024-06-28 11:02:58.652297885 +0200
+@@ -455,12 +455,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
++#endif
+ 	_exit(1);
+ }
+ 

openssh.spec

@@ -47,7 +47,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 41
+%global openssh_rel 42
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
 
@@ -292,6 +292,7 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
 #upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
 Patch1020: openssh-8.7p1-sigpipe.patch
+Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch
 
 License: BSD
 Requires: /sbin/nologin
@@ -517,6 +518,7 @@ popd
 %patch1018 -p1 -b .cve-2023-48795
 %patch1019 -p1 -b .cve-2023-51385
 %patch1020 -p1 -b .earlypipe
+%patch1021 -p1 -b .cve-2024-6387
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@@ -804,6 +806,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Thu Jul 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-42
+- Possible remote code execution due to a race condition (CVE-2024-6387)
+  Resolves: RHEL-45348
+
 * Mon Jun 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-41
 - Fix ssh multiplexing connect timeout processing
   Resolves: RHEL-37748