[OE-core][kirkstone 4/7] openssh: fix CVE-2024-6387

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/7] openssh: fix CVE-2024-6387
Date: Thu,  4 Jul 2024 05:32:09 -0700	[thread overview]
Message-ID: <ddb998d16fd869acb00a1cd8038ada20fd32aa8b.1720096173.git.steve@sakoman.com> (raw)
In-Reply-To: <cover.1720096173.git.steve@sakoman.com>

From: Jose Quaresma <quaresma.jose@gmail.com>

sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive).
Race condition resulting in potential remote code execution.
A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.
This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config)
though this makes denial-of service against sshd(8) considerably easier.
For more information, please refer to the release notes [1] and the
report from the Qualys Security Advisory Team [2] who discovered the bug.

[1] https://www.openssh.com/txt/release-9.8
[2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

References:
https://www.openssh.com/security.html

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>

v2: include the missing cve tag: CVE: CVE-2024-6387
v3: add the Signed-off-by on the CVE-2024-6387.patch
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssh/openssh/CVE-2024-6387.patch       | 27 +++++++++++++++++++
 .../openssh/openssh_8.9p1.bb                  |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
new file mode 100644
index 0000000000..3e7c707100
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
@@ -0,0 +1,27 @@
+Description: fix signal handler race condition
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497
+
+CVE: CVE-2024-6387
+
+Upstream-Status: Backport
+https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+
+--- a/log.c
++++ b/log.c
+@@ -452,12 +452,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
++#endif
+ 	_exit(1);
+ }
+ 
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index 6411a64eff..d2c477a062 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://CVE-2023-48795.patch \
            file://CVE-2023-51384.patch \
            file://CVE-2023-51385.patch \
+           file://CVE-2024-6387.patch \
            "
 SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
 
-- 
2.34.1

next prev parent reply	other threads:[~2024-07-04 12:32 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-04 12:32 [OE-core][kirkstone 0/7] Patch review Steve Sakoman
2024-07-04 12:32 ` [OE-core][kirkstone 1/7] wget: Fix for CVE-2024-38428 Steve Sakoman
2024-07-04 12:32 ` [OE-core][kirkstone 2/7] gstreamer1.0-plugins-base: fix CVE-2024-4453 Steve Sakoman
2024-07-04 12:32 ` [OE-core][kirkstone 3/7] OpenSSL: Security fix for CVE-2024-5535 Steve Sakoman
2024-07-04 12:32 ` Steve Sakoman [this message]
2024-07-04 12:32 ` [OE-core][kirkstone 5/7] linuxloader: add -armhf on arm only for TARGET_FPU 'hard' Steve Sakoman
2024-07-04 12:32 ` [OE-core][kirkstone 6/7] glibc-tests: correctly pull in the actual tests when installing -ptest package Steve Sakoman
2024-07-04 14:41   ` Patchtest results for " patchtest
2024-07-04 12:32 ` [OE-core][kirkstone 7/7] glibc-tests: Add missing bash ptest dependency Steve Sakoman

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:3e7c70710 dfblob:6411a64ef dfblob:d2c477a06 )
 OR (
bs:"[OE-core][kirkstone 4/7] openssh: fix CVE-2024-6387" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ddb998d16fd869acb00a1cd8038ada20fd32aa8b.1720096173.git.steve@sakoman.com \
    --to=steve@sakoman.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox