On Wed, Jul 3, 2024 at 5:17 AM Jose Quaresma via lists.openembedded.org <[email protected]> wrote: > > sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive). > Race condition resulting in potential remote code execution. > A race condition in sshd(8) could allow remote code execution as root on > non-OpenBSD systems. > This attack could be prevented by disabling the login grace timeout > (LoginGraceTime=0 in sshd_config) > though this makes denial-of service against sshd(8) considerably easier. > For more information, please refer to the release notes [1] and the > report from the Qualys Security Advisory Team [2] who discovered the bug. > > [1] https://www.openssh.com/txt/release-9.8 > [2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt > > References: > https://www.openssh.com/security.html > > Signed-off-by: Jose Quaresma <[email protected]> > --- > .../openssh/openssh/CVE-2024-6387.patch | 27 +++++++++++++++++++ > .../openssh/openssh_9.6p1.bb | 1 + > 2 files changed, 28 insertions(+) > create mode 100644 > meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch > > diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch > b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch > new file mode 100644 > index 0000000000..3e7c707100 > --- /dev/null > +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch > @@ -0,0 +1,27 @@ > +Description: fix signal handler race condition > +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497 > + > +CVE: CVE-2024-6387 > + > +Upstream-Status: Backport > +https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc
Launchpad is not the upstream for openssh, please send a V2 that references the actual upstream commit. Thanks! Steve > + > +Signed-off-by: Jose Quaresma <[email protected]> > + > +--- a/log.c > ++++ b/log.c > +@@ -452,12 +452,14 @@ void > + sshsigdie(const char *file, const char *func, int line, int showfunc, > + LogLevel level, const char *suffix, const char *fmt, ...) > + { > ++#if 0 > + va_list args; > + > + va_start(args, fmt); > + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, > + suffix, fmt, args); > + va_end(args); > ++#endif > + _exit(1); > + } > + > diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb > b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb > index d941664b41..3cdf0327b0 100644 > --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb > +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb > @@ -27,6 +27,7 @@ SRC_URI = > "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar > file://add-test-support-for-busybox.patch \ > > file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ > > file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ > + file://CVE-2024-6387.patch \ > " > SRC_URI[sha256sum] = > "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" > > -- > 2.45.2 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#201476): https://lists.openembedded.org/g/openembedded-core/message/201476 Mute This Topic: https://lists.openembedded.org/mt/107018061/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
