mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 00:39:46 +00:00
Code Issues Projects Releases Wiki Activity

openssh: fix CVE-2024-6387

Browse Source 
sshd(8) in Portable OpenSSH versions 8.5p1 to 9.7p1 (inclusive).
Race condition resulting in potential remote code execution.
A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.
This attack could be prevented by disabling the login grace timeout (LoginGraceTime=0 in sshd_config)
though this makes denial-of service against sshd(8) considerably easier.
For more information, please refer to the release notes [1] and the
report from the Qualys Security Advisory Team [2] who discovered the bug.

[1] https://www.openssh.com/txt/release-9.8
[2] https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

References:
https://www.openssh.com/security.html

(From OE-Core rev: ddb998d16fd869acb00a1cd8038ada20fd32aa8b)

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>

v2: include the missing cve tag: CVE: CVE-2024-6387
v3: add the Signed-off-by on the CVE-2024-6387.patch
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Jose Quaresma
2024-07-02 17:53:16 +01:00
committed by Steve Sakoman
parent 9170d3f0f3
commit 979f68bad0
2 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/openssh/openssh/CVE-2024-6387.patch
+27
View File
@@ -0,0 +1,27 @@
Description: fix signal handler race condition
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2070497
CVE: CVE-2024-6387
Upstream-Status: Backport
https://git.launchpad.net/ubuntu/+source/openssh/commit/?h=applied/ubuntu/jammy-devel&id=b059bcfa928df4ff2d103ae2e8f4e3136ee03efc
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
--- a/log.c
+++ b/log.c
@@ -452,12 +452,14 @@ void
sshsigdie(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, ...)
{
+#if 0
va_list args;
va_start(args, fmt);
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
suffix, fmt, args);
va_end(args);
+#endif
_exit(1);
}
meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+1
View File
@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2023-48795.patch \ file://CVE-2023-48795.patch \
file://CVE-2023-51384.patch \ file://CVE-2023-51384.patch \
file://CVE-2023-51385.patch \ file://CVE-2023-51385.patch \
file://CVE-2024-6387.patch \
" "
SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"