diff options
Diffstat (limited to '')
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/sshsigdie-async-signal-unsafe.patch | 41 |
4 files changed, 52 insertions, 2 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index 4b1e161..881c43e 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -d4ae5b68870bf65747084f4ed3060bb13c586c9e -d4ae5b68870bf65747084f4ed3060bb13c586c9e +7f4a743171f9e6b283207d448de6562219774fbf +7f4a743171f9e6b283207d448de6562219774fbf cf05e8418c088a6e5712344cecaf6ee2d5eb550f cf05e8418c088a6e5712344cecaf6ee2d5eb550f openssh_9.7p1.orig.tar.gz diff --git a/debian/changelog b/debian/changelog index c02c599..e455121 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +openssh (1:9.7p1-7) unstable; urgency=critical + + [ Salvatore Bonaccorso ] + * Disable async-signal-unsafe code from the sshsigdie() function. This is + a minimal workaround for a regression from CVE-2006-5051. + + -- Colin Watson <cjwatson@debian.org> Mon, 01 Jul 2024 10:11:27 +0100 + openssh (1:9.7p1-6) unstable; urgency=medium * Stop reading ~/.pam_environment, which has a history of security diff --git a/debian/patches/series b/debian/patches/series index 6af9ea1..d15e32f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -29,3 +29,4 @@ zero-call-used-regs-m68k.patch regress-conch-dev-zero.patch configure-cache-vars.patch pam-avoid-unknown-host.patch +sshsigdie-async-signal-unsafe.patch diff --git a/debian/patches/sshsigdie-async-signal-unsafe.patch b/debian/patches/sshsigdie-async-signal-unsafe.patch new file mode 100644 index 0000000..2d27ecb --- /dev/null +++ b/debian/patches/sshsigdie-async-signal-unsafe.patch @@ -0,0 +1,41 @@ +From 7f4a743171f9e6b283207d448de6562219774fbf Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso <carnil@debian.org> +Date: Tue, 25 Jun 2024 12:24:29 +0100 +Subject: Disable async-signal-unsafe code from the sshsigdie() function + +Address signal handler race condition: if a client does not authenticate +within LoginGraceTime seconds (120 by default, 600 in old OpenSSH +versions), then sshd's SIGALRM handler is called asynchronously, but +this signal handler calls various functions that are not +async-signal-safe (for example, syslog()). + +This is a regression from CVE-2006-5051 ("Signal handler race condition +in OpenSSH before 4.4 allows remote attackers to cause a denial of +service (crash), and possibly execute arbitrary code") + +Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> + +Patch-Name: sshsigdie-async-signal-unsafe.patch +--- + log.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/log.c b/log.c +index 6a8b1fc4a..57256660f 100644 +--- a/log.c ++++ b/log.c +@@ -452,12 +452,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + |