Possible remote code execution due to a race condition (CVE-2024-6387)

Resolves: RHEL-45348
This commit is contained in:
Dmitry Belyavskiy 2024-07-04 09:38:45 +02:00
parent 6ca18e235a
commit 96149ae84f
2 changed files with 25 additions and 1 deletions

View File

@ -0,0 +1,18 @@
diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
--- openssh-8.7p1/log.c.xxx 2024-06-28 11:02:43.949912398 +0200
+++ openssh-8.7p1/log.c 2024-06-28 11:02:58.652297885 +0200
@@ -455,12 +455,14 @@ void
sshsigdie(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, ...)
{
+#if 0
va_list args;
va_start(args, fmt);
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
suffix, fmt, args);
va_end(args);
+#endif
_exit(1);
}

View File

@ -47,7 +47,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1
%global openssh_rel 41
%global openssh_rel 42
%global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 5
@ -292,6 +292,7 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
Patch1020: openssh-8.7p1-sigpipe.patch
Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch
License: BSD
Requires: /sbin/nologin
@ -517,6 +518,7 @@ popd
%patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385
%patch1020 -p1 -b .earlypipe
%patch1021 -p1 -b .cve-2024-6387
autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -804,6 +806,10 @@ test -f %{sysconfig_anaconda} && \
%endif
%changelog
* Thu Jul 04 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-42
- Possible remote code execution due to a race condition (CVE-2024-6387)
Resolves: RHEL-45348
* Mon Jun 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-41
- Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748