fedora-cvs-commits@redhat.com

rpms/openssh/devel openssh-4.3p2-cve-2006-5794.patch, NONE, 1.1 openssh.

Subject: rpms/openssh/devel openssh-4.3p2-cve-2006-5794.patch, NONE, 1.1 openssh.spec, 1.98, 1.99
From:
Date: Fri, 10 Nov 2006 05:00:18 -0500
Author: tmraz

Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32226

Modified Files:
        openssh.spec 
Added Files:
        openssh-4.3p2-cve-2006-5794.patch 
Log Message:
* Fri Nov 10 2006 Tomas Mraz <tmraz@xxxxxxxxxx> - 4.3p2-12
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)


openssh-4.3p2-cve-2006-5794.patch:
 monitor.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE openssh-4.3p2-cve-2006-5794.patch ---
Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to be
exploitable in the absence of additional vulnerabilities.

--- openssh-4.3p2/monitor.c.verify      2006-11-10 10:40:37.000000000 +0100
+++ openssh-4.3p2/monitor.c     2006-11-10 10:42:32.000000000 +0100
@@ -330,7 +330,7 @@
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
                auth_method = "unknown";
-               authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+               authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 
1);
                if (authenticated) {
                        if (!(ent->flags & MON_AUTHDECIDE))
                                fatal("%s: unexpected authentication from %d",
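Review bot: The `== 1` comparison on the monitor_read() line is a bare magic value with no comment explaining which return values it is meant to reject. Since the loop condition is `while (!authenticated)`, any handler reached through mon_dispatch that signals success with a non-zero value other than 1 would now keep the loop running instead of ending it, so it is worth stating the contract next to this line (exactly 1 means authenticated, anything else including negative error returns does not) and checking the dispatch handlers against it.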
@@ -1214,7 +1214,7 @@
 
        verified = key_verify(key, signature, signaturelen, data, datalen);
        debug3("%s: key %p signature %s",
-           __func__, key, verified ? "verified" : "unverified");
+           __func__, key, (verified == 1) ? "verified" : "unverified");
 
        key_free(key);
        xfree(blob);
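Review bot: The debug3() call now prints "unverified" for every result other than 1, so a key_verify() error return and an ordinary bad signature become indistinguishable in the log. Consider adding the numeric value of `verified` to the format string so the debug output still shows which case occurred. It would also be simpler to normalise once at the assignment, `verified = (key_verify(...) == 1);`, rather than repeating the comparison at each use.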
@@ -1229,7 +1229,7 @@
        buffer_put_int(m, verified);
        mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-       return (verified);
+       return (verified == 1);
 }
 
 static void
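Review bot: `buffer_put_int(m, verified)` at the top of this hunk still sends the raw key_verify() result in the MONITOR_ANS_KEYVERIFY reply, while the function's own return value is normalised with `== 1`. The two consumers of the result can therefore disagree whenever `verified` is neither 0 nor 1, and the receiving side has to repeat the same comparison to be safe. Normalising `verified` before the buffer_put_int() call, or sending `(verified == 1)`, would keep the reply and the return value consistent.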


Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- openssh.spec        2 Nov 2006 13:33:37 -0000       1.98
+++ openssh.spec        10 Nov 2006 10:00:04 -0000      1.99
@@ -61,7 +61,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 4.3p2
-Release: 11%{?dist}%{?rescue_rel}
+Release: 12%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: 
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: 
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
@@ -96,6 +96,7 @@
 Patch44: openssh-4.3p2-allow-ip-opts.patch
 Patch45: openssh-4.3p2-cve-2006-4924.patch
 Patch46: openssh-3.9p1-cve-2006-5051.patch
+Patch47: openssh-4.3p2-cve-2006-5794.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -229,6 +230,7 @@
 %patch44 -p1 -b .ip-opts
 %patch45 -p1 -b .deattack-dos
 %patch46 -p1 -b .sig-no-cleanup
+%patch47 -p1 -b .verify
 
 autoreconf
 
@@ -473,6 +475,9 @@
 %endif
 
 %changelog
+* Fri Nov 10 2006 Tomas Mraz <tmraz@xxxxxxxxxx> - 4.3p2-12
+- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
+
 * Thu Nov  2 2006 Tomas Mraz <tmraz@xxxxxxxxxx> - 4.3p2-11
 - merge sshd initscript patches
 - kill all ssh sessions when stop is called in halt or reboot runlevel

-- 
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
