From c4d40580f3675b99e3524240e9eb16a2468c3775 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Mon, 8 Jul 2024 12:45:52 +0000 Subject: [PATCH] Sync with c9 --- ...penssh-9.8p1-upstream-cve-2024-6387.patch} | 19 +++---------------- SPECS/openssh.spec | 16 ++++++---------- 2 files changed, 9 insertions(+), 26 deletions(-) rename SOURCES/{openssh-8.7p1-CVE-2024-6387.patch => openssh-9.8p1-upstream-cve-2024-6387.patch} (50%) diff --git a/SOURCES/openssh-8.7p1-CVE-2024-6387.patch b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch similarity index 50% rename from SOURCES/openssh-8.7p1-CVE-2024-6387.patch rename to SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch index 16a9625..754d279 100644 --- a/SOURCES/openssh-8.7p1-CVE-2024-6387.patch +++ b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch @@ -1,16 +1,6 @@ -From c5e8a80082efd50234a26b5af28f437f4e54b6a3 Mon Sep 17 00:00:00 2001 -From: Andrew Lukoshko -Date: Mon, 1 Jul 2024 13:53:00 +0000 -Subject: [PATCH] Fix CVE-2024-6387 - ---- - log.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/log.c b/log.c -index a2f9c75..4f04713 100644 ---- a/log.c -+++ b/log.c +diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c +--- openssh-8.7p1/log.c.xxx 2024-06-28 11:02:43.949912398 +0200 ++++ openssh-8.7p1/log.c 2024-06-28 11:02:58.652297885 +0200 @@ -455,12 +455,14 @@ void sshsigdie(const char *file, const char *func, int line, int showfunc, LogLevel level, const char *suffix, const char *fmt, ...) @@ -26,6 +16,3 @@ index a2f9c75..4f04713 100644 _exit(1); } --- -2.43.5 - diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 3410b27..9c467db 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -54,7 +54,7 @@ Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist}.alma.2 +Release: %{openssh_rel}%{?dist}.1 URL: http://www.openssh.com/portable.html #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -288,10 +288,7 @@ Patch1017: openssh-9.4p2-limit-delay.patch Patch1018: openssh-9.6p1-CVE-2023-48795.patch #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a Patch1019: openssh-9.6p1-CVE-2023-51385.patch - -# fix CVE-2024-6387 -# https://openwall.com/lists/oss-security/2024/07/01/3 -Patch1020: openssh-8.7p1-CVE-2024-6387.patch +Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch License: BSD Requires: /sbin/nologin @@ -366,7 +363,7 @@ Requires: openssh = %{version}-%{release} %package -n pam_ssh_agent_auth Summary: PAM module for authentication with ssh-agent Version: %{pam_ssh_agent_ver} -Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.alma.2 +Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1 License: BSD %description @@ -515,7 +512,6 @@ popd %patch1017 -p1 -b .limitdelay %patch1018 -p1 -b .cve-2023-48795 %patch1019 -p1 -b .cve-2023-51385 - %patch1020 -p1 -b .cve-2024-6387 autoreconf @@ -804,9 +800,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog -* Mon Jul 01 2024 Jonathan Wright - 8.7p1-38.alma.2 -- Fix regreSSHion attack - Resolves: CVE-2024-6387 +* Fri Jun 28 2024 Dmitry Belyavskiy - 8.7p1-38.1 +- Possible remote code execution due to a race condition (CVE-2024-6387) + Resolves: RHEL-45347 * Fri Jan 05 2024 Dmitry Belyavskiy - 8.7p1-38 - Fix Terrapin attack