summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:58:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 17:58:46 +0000
commitd564ea7294cc3da3c8874c236fe8929a154436e2 (patch)
tree5420805b4b9da069ece8dff7167f09f7cb383c8e
parentReleasing progress-linux version 1:9.2p1-2+deb12u2progress7u1. (diff)
downloadopenssh-d564ea7294cc3da3c8874c236fe8929a154436e2.tar.xz
openssh-d564ea7294cc3da3c8874c236fe8929a154436e2.zip
Merging debian version 1:9.2p1-2+deb12u3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch36
-rw-r--r--debian/patches/series1
3 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index a5410f6..6a4cf1b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:9.2p1-2+deb12u3) bookworm-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Disable async-signal-unsafe code from the sshsigdie() function
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 Jun 2024 21:38:08 +0200
+
openssh (1:9.2p1-2+deb12u2progress7u1) graograman; urgency=medium
* Initial reupload to graograman.
diff --git a/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch
new file mode 100644
index 0000000..70a329d
--- /dev/null
+++ b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch
@@ -0,0 +1,36 @@
+From 96af055c9d7bfd2e974e0ef889848fa401057c0d Mon Sep 17 00:00:00 2001
+From: Salvatore Bonaccorso <carnil@debian.org>
+Date: Sat, 22 Jun 2024 21:33:03 +0200
+Subject: [PATCH] Disable async-signal-unsafe code from the sshsigdie()
+ function
+
+Address signal handler race condition: if a client does not authenticate
+within LoginGraceTime seconds (120 by default, 600 in old OpenSSH
+versions), then sshd's SIGALRM handler is called asynchronously, but
+this signal handler calls various functions that are not
+async-signal-safe (for example, syslog()).
+
+This is a regression from CVE-2006-5051 ("Signal handler race condition
+in OpenSSH before 4.4 allows remote attackers to cause a denial of
+service (crash), and possibly execute arbitrary code")
+
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+---
+
+--- a/log.c
++++ b/log.c
+@@ -452,12 +452,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index ec9f96c..745393d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,3 +40,4 @@ progress-linux/0004-ssh_config-update.patch
progress-linux/0005-mptcp-support.patch
progress-linux/0006-mptcp-manpages.patch
progress-linux/0007-mptcp-headers.patch
+Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch