Fix CVE-2026-55655
Fix MITM of X11 forwarding via abstract UNIX socket pre-binding Resolves: RHEL-185850 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
parent
5d6c77dc9c
commit
f39b4284bf
@ -32,7 +32,7 @@ diff --git a/channels.c b/channels.c
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -5099,8 +5102,18 @@
|
||||
@@ -5099,8 +5102,19 @@
|
||||
connect_local_xsocket(u_int dnr)
|
||||
{
|
||||
char buf[1024];
|
||||
@ -41,10 +41,11 @@ diff --git a/channels.c b/channels.c
|
||||
+ int len, ret;
|
||||
+ len = snprintf(buf + 1, sizeof (buf) - 1, _PATH_UNIX_X, dnr);
|
||||
+#ifdef linux
|
||||
+ /* try abstract socket first */
|
||||
+ buf[0] = '\0';
|
||||
+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0)
|
||||
+ return ret;
|
||||
+ if (getenv("SSH_INSECURE_ABSTRACT_SOCKET_ENABLED") != NULL) {
|
||||
+ buf[0] = '\0';
|
||||
+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0)
|
||||
+ return ret;
|
||||
+ }
|
||||
+#endif
|
||||
+ if ((ret = connect_local_xsocket_path(buf + 1, len)) >= 0)
|
||||
+ return ret;
|
||||
|
||||
@ -779,6 +779,9 @@ test -f %{sysconfig_anaconda} && \
|
||||
- CVE-2026-55654: Fix heap out-of-bounds read during GSSAPI indicator
|
||||
cleanup due to missing NULL terminator
|
||||
Resolves: RHEL-185835
|
||||
- CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket
|
||||
pre-binding
|
||||
Resolves: RHEL-185850
|
||||
|
||||
* Wed Apr 01 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-8
|
||||
- Fix static analysis issues
|
||||
|
||||
Loading…
Reference in New Issue
Block a user