From: Armin Kuster <[email protected]>

SECURITY: Fix an out-of-bound read access in the packet handling code.
Reported by Ben Hawkes

https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c
Signed-off-by: Armin Kuster <[email protected]> --- .../openssh/CVE-2016-1907_upstream_commit.patch | 33 ++++++++++++++++++++++ meta/recipes-connectivity/openssh/openssh_7.1p2.bb | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch new file mode 100644 index 0000000..f3d132e --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch @@ -0,0 +1,33 @@ +From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001 +From: "[email protected]" <[email protected]> +Date: Sun, 8 Nov 2015 21:59:11 +0000 +Subject: [PATCH] upstream commit + +fix OOB read in packet code caused by missing return + statement found by Ben Hawkes; ok markus@ deraadt@ + +Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62 + +Upstream-Status: Backport +CVE: CVE-2016-1907 + +[YOCTO #8935] + +Signed-off-by: Armin Kuster <[email protected]> + +--- + packet.c | 1 + + 1 file changed, 1 insertion(+) + +Index: openssh-7.1p2/packet.c +=================================================================== +--- openssh-7.1p2.orig/packet.c ++++ openssh-7.1p2/packet.c +@@ -1855,6 +1855,7 @@ ssh_packet_process_incoming(struct ssh * + if (len >= state->packet_discard) { + if ((r = ssh_packet_stop_discard(ssh)) != 0) + return r; ++ return SSH_ERR_CONN_CORRUPT; + } + state->packet_discard -= len; + return 0; diff --git a/meta/recipes-connectivity/openssh/openssh_7.1p2.bb b/meta/recipes-connectivity/openssh/openssh_7.1p2.bb index ac824ee..288d37e 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.1p2.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.1p2.bb 
@@ -20,7 +20,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshdgenkeys.service \ file://volatiles.99_sshd \ file://add-test-support-for-busybox.patch \ - file://run-ptest" + file://run-ptest \ + file://CVE-2016-1907_upstream_commit.patch " PAM_SRC_URI = "file://sshd" -- 1.9.1
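Review bot: The upstream reference in the new CVE-2016-1907_upstream_commit.patch header does not match the one in the commit message: the header says `From d77148e3a3ef6c29b26ec74331455394581aa257` with `Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62`, while the message links to `commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c`, a different value that is only 39 hex characters long. Please cite one full commit id consistently so the `Upstream-Status: Backport` can be checked against its source. On the code change itself, the added `return SSH_ERR_CONN_CORRUPT;` sits inside the `if (len >= state->packet_discard)` block after the `ssh_packet_stop_discard()` error check, so that path no longer falls through to `state->packet_discard -= len;`, which is consistent with the "missing return statement" description in the header.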
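Review bot: Style point on the SRC_URI change in openssh_7.1p2.bb: the removed line closed the string directly after the entry (`file://run-ptest"`), but the new last entry leaves whitespace before the closing quote (`file://CVE-2016-1907_upstream_commit.patch "`). Suggest ending it as `file://CVE-2016-1907_upstream_commit.patch"` to keep the existing convention, or putting the closing quote on its own line if more patches are expected to be appended to this list.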
