disallow creation (of empty files) in read-only mode; reported by Michal Zalewski, feedback & ok deraadt@
Affects openssh < 7.6 Signed-off-by: Jagadeesh Krishnanjanappa <[email protected]> --- .../openssh/openssh/CVE-2017-15906.patch | 38 ++++++++++++++++++++++ meta/recipes-connectivity/openssh/openssh_7.5p1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2017-15906.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2017-15906.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2017-15906.patch new file mode 100644 index 0000000..3ad683d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2017-15906.patch @@ -0,0 +1,38 @@ +From a6981567e8e215acc1ef690c8dbb30f2d9b00a19 Mon Sep 17 00:00:00 2001 +From: djm <[email protected]> +Date: Tue, 4 Apr 2017 00:24:56 +0000 +Subject: [PATCH] disallow creation (of empty files) in read-only mode; + reported by Michal Zalewski, feedback & ok deraadt@ + +CVE: CVE-2017-15906 +Upstream-Status: Backport [https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19] + +Signed-off-by: Jagadeesh Krishnanjanappa <[email protected]> +--- + usr.bin/ssh/sftp-server.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c +index 2510d234a3a..42249ebd60d 100644 +--- a/usr.bin/ssh/sftp-server.c ++++ b/usr.bin/ssh/sftp-server.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */ ++/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */ + /* + * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. + * +@@ -683,8 +683,8 @@ process_open(u_int32_t id) + logit("open \"%s\" flags %s mode 0%o", + name, string_from_portable(pflags), mode); + if (readonly && +- ((flags & O_ACCMODE) == O_WRONLY || +- (flags & O_ACCMODE) == O_RDWR)) { ++ ((flags & O_ACCMODE) != O_RDONLY || ++ (flags & (O_CREAT|O_TRUNC)) != 0)) { + verbose("Refusing open request in read-only mode"); + status = SSH2_FX_PERMISSION_DENIED; + } else { +-- +2.13.3 + diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb index 86ca6ff..395c21b 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb @@ -28,6 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://0001-openssh-Fix-syntax-error-on-x32.patch \ file://sshd_check_keys \ + file://CVE-2017-15906.patch;striplevel=3 \ " PAM_SRC_URI = "file://sshd" -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
