diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 17:58:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 17:58:46 +0000 |
commit | d564ea7294cc3da3c8874c236fe8929a154436e2 (patch) | |
tree | 5420805b4b9da069ece8dff7167f09f7cb383c8e | |
parent | Releasing progress-linux version 1:9.2p1-2+deb12u2progress7u1. (diff) | |
download | openssh-d564ea7294cc3da3c8874c236fe8929a154436e2.tar.xz openssh-d564ea7294cc3da3c8874c236fe8929a154436e2.zip |
Merging debian version 1:9.2p1-2+deb12u3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch | 36 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 44 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index a5410f6..6a4cf1b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openssh (1:9.2p1-2+deb12u3) bookworm-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Disable async-signal-unsafe code from the sshsigdie() function + + -- Salvatore Bonaccorso <carnil@debian.org> Sat, 22 Jun 2024 21:38:08 +0200 + openssh (1:9.2p1-2+deb12u2progress7u1) graograman; urgency=medium * Initial reupload to graograman. diff --git a/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch new file mode 100644 index 0000000..70a329d --- /dev/null +++ b/debian/patches/Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch @@ -0,0 +1,36 @@ +From 96af055c9d7bfd2e974e0ef889848fa401057c0d Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso <carnil@debian.org> +Date: Sat, 22 Jun 2024 21:33:03 +0200 +Subject: [PATCH] Disable async-signal-unsafe code from the sshsigdie() + function + +Address signal handler race condition: if a client does not authenticate +within LoginGraceTime seconds (120 by default, 600 in old OpenSSH +versions), then sshd's SIGALRM handler is called asynchronously, but +this signal handler calls various functions that are not +async-signal-safe (for example, syslog()). + +This is a regression from CVE-2006-5051 ("Signal handler race condition +in OpenSSH before 4.4 allows remote attackers to cause a denial of +service (crash), and possibly execute arbitrary code") + +Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> +--- + +--- a/log.c ++++ b/log.c +@@ -452,12 +452,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff --git a/debian/patches/series b/debian/patches/series index ec9f96c..745393d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -40,3 +40,4 @@ progress-linux/0004-ssh_config-update.patch progress-linux/0005-mptcp-support.patch progress-linux/0006-mptcp-manpages.patch progress-linux/0007-mptcp-headers.patch +Disable-async-signal-unsafe-code-from-the-sshsigdie-.patch |