diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 09:57:16 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 09:57:16 +0000 |
commit | 77a7de14c40ab551e923068a8732d1f8bc125f77 (patch) | |
tree | cfde450424beef2bec533a0c29635a59e812c8ad | |
parent | Adding debian version 1:9.2p1-2+deb12u2. (diff) | |
download | openssh-77a7de14c40ab551e923068a8732d1f8bc125f77.tar.xz openssh-77a7de14c40ab551e923068a8732d1f8bc125f77.zip |
Adding debian version 1:9.2p1-2+deb12u3.debian/1%9.2p1-2+deb12u3debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch | 36 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index aa1399c..b1a2b71 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openssh (1:9.2p1-2+deb12u3) bookworm-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Disable async-signal-unsafe code from the sshsigdie() function + + -- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 Jun 2024 21:38:08 +0200 + openssh (1:9.2p1-2+deb12u2) bookworm-security; urgency=medium * Cherry-pick from upstream: diff --git a/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch new file mode 100644 index 0000000..70a329d --- /dev/null +++ b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch @@ -0,0 +1,36 @@ +From 96af055c9d7bfd2e974e0ef889848fa401057c0d Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso <carnil@debian.org> +Date: Sat, 22 Jun 2024 21:33:03 +0200 +Subject: [PATCH] Disable async-signal-unsafe code from the sshsigdie() + function + +Address signal handler race condition: if a client does not authenticate +within LoginGraceTime seconds (120 by default, 600 in old OpenSSH +versions), then sshd's SIGALRM handler is called asynchronously, but +this signal handler calls various functions that are not +async-signal-safe (for example, syslog()). + +This is a regression from CVE-2006-5051 ("Signal handler race condition +in OpenSSH before 4.4 allows remote attackers to cause a denial of +service (crash), and possibly execute arbitrary code") + +Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> +--- + +--- a/log.c ++++ b/log.c +@@ -452,12 +452,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff --git a/debian/patches/series b/debian/patches/series index f9d3791..e41daa2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -33,3 +33,4 @@ CVE-2023-28531.patch CVE-2023-48795.patch CVE-2023-51384.patch CVE-2023-51385.patch +Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch |