diff --git a/openssh-7.2p2-x11.patch b/openssh-7.2p2-x11.patch index 48ce840..b5ca9c1 100644 --- a/openssh-7.2p2-x11.patch +++ b/openssh-7.2p2-x11.patch @@ -30,7 +30,7 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c return -1; } -@@ -4012,8 +4015,18 @@ static int +@@ -4668,8 +4671,19 @@ static int connect_local_xsocket(u_int dnr) { char buf[1024]; @@ -39,10 +39,11 @@ diff -up openssh-7.2p2/channels.c.x11 openssh-7.2p2/channels.c + int len, ret; + len = snprintf(buf + 1, sizeof (buf) - 1, _PATH_UNIX_X, dnr); +#ifdef linux -+ /* try abstract socket first */ -+ buf[0] = '\0'; -+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0) -+ return ret; ++ if (getenv("SSH_INSECURE_ABSTRACT_SOCKET_ENABLED") != NULL) { ++ buf[0] = '\0'; ++ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0) ++ return ret; ++ } +#endif + if ((ret = connect_local_xsocket_path(buf + 1, len)) >= 0) + return ret; diff --git a/openssh.spec b/openssh.spec index e5197d9..2b7a678 100644 --- a/openssh.spec +++ b/openssh.spec @@ -858,6 +858,9 @@ getent passwd sshd >/dev/null || \ - CVE-2026-55653: Fix double free in openssh DH-GEX client path during FIPS known-group validation that leads to client-side denial of service Resolves: RHEL-185775 +- CVE-2026-55655: Fix MITM of X11 forwarding via abstract UNIX socket + pre-binding + Resolves: RHEL-185855 * Mon Apr 13 2026 Zoltan Fridrich - 8.0p1-29 - CVE-2026-35385: Fix privilege escalation via scp legacy protocol