Fix CVE-2026-55655
Fix MITM of X11 forwarding via abstract UNIX socket pre-binding Resolves: RHEL-185855 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
parent
9eb205cba9
commit
f5884ebcc6
@ -30,7 +30,7 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -4012,8 +4015,18 @@ static int
|
||||
@@ -4668,8 +4671,19 @@ static int
|
||||
connect_local_xsocket(u_int dnr)
|
||||
{
|
||||
char buf[1024];
|
||||
@ -39,10 +39,11 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c
|
||||
+ int len, ret;
|
||||
+ len = snprintf(buf + 1, sizeof (buf) - 1, _PATH_UNIX_X, dnr);
|
||||
+#ifdef linux
|
||||
+ /* try abstract socket first */
|
||||
+ buf[0] = '\0';
|
||||
+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0)
|
||||
+ return ret;
|
||||
+ if (getenv("SSH_INSECURE_ABSTRACT_SOCKET_ENABLED") != NULL) {
|
||||
+ buf[0] = '\0';
|
||||
+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0)
|
||||
+ return ret;
|
||||
+ }
|
||||
+#endif
|
||||
+ if ((ret = connect_local_xsocket_path(buf + 1, len)) >= 0)
|
||||
+ return ret;
|
||||
|
||||
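Review bot: The opt-in at `if (getenv("SSH_INSECURE_ABSTRACT_SOCKET_ENABLED") != NULL)` tests only that the variable exists, so `SSH_INSECURE_ABSTRACT_SOCKET_ENABLED=0` or an empty value still turns the abstract-socket attempt back on, and a value inherited from a wrapper script or login profile re-enables it without the user noticing. Consider requiring an explicit value, e.g. `const char *v = getenv("SSH_INSECURE_ABSTRACT_SOCKET_ENABLED");` followed by `if (v != NULL && strcmp(v, "1") == 0) {`, and emitting a `debug()` line when the branch is taken so the downgrade is visible in verbose output. The `/* try abstract socket first */` comment does not say why the path is gated; something like `/* abstract names have no filesystem permissions, so another local process may hold the display name before the X server; opt-in only */` would carry the reason. The outer +/- column is lost on this page, so I am assuming the getenv block is the new side, and connect_local_xsocket continues past the end of the hunk.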
@ -858,6 +858,9 @@ getent passwd sshd >/dev/null || \
|
||||
- CVE-2026-55653: Fix double free in openssh DH-GEX client path during
|
||||
FIPS known-group validation that leads to client-side denial of service
|
||||
Resolves: RHEL-185775
|
||||
- CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket
|
||||
pre-binding
|
||||
Resolves: RHEL-185855
|
||||
|
||||
* Mon Apr 13 2026 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-29
|
||||
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
|
||||
|
||||