- Add patch to fix a race condition in a signal handler by removing
the async-signal-unsafe code (CVE-2024-6387, bsc#1226642): * fix-CVE-2024-6387.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=269
This commit is contained in:
parent
b4dab4a6f7
commit
0aa4b1876f
19
fix-CVE-2024-6387.patch
Normal file
19
fix-CVE-2024-6387.patch
Normal file
@ -0,0 +1,19 @@
|
||||
Index: openssh-9.6p1/log.c
|
||||
===================================================================
|
||||
--- openssh-9.6p1.orig/log.c
|
||||
+++ openssh-9.6p1/log.c
|
||||
@@ -451,12 +451,14 @@ void
|
||||
sshsigdie(const char *file, const char *func, int line, int showfunc,
|
||||
LogLevel level, const char *suffix, const char *fmt, ...)
|
||||
{
|
||||
+#if 0
|
||||
va_list args;
|
||||
|
||||
va_start(args, fmt);
|
||||
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
|
||||
suffix, fmt, args);
|
||||
va_end(args);
|
||||
+#endif
|
||||
_exit(1);
|
||||
}
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 1 07:50:28 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Add patch to fix a race condition in a signal handler by removing
|
||||
the async-signal-unsafe code (CVE-2024-6387, bsc#1226642):
|
||||
* fix-CVE-2024-6387.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 10 07:10:48 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
|
@ -128,6 +128,8 @@ Patch106: openssh-7.6p1-cleanup-selinux.patch
|
||||
# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
|
||||
Patch107: openssh-9.6p1-crypto-policies.patch
|
||||
Patch108: openssh-9.6p1-crypto-policies-man.patch
|
||||
# PATCH-FIX-SUSE bsc#1226642 fix CVE-2024-6387
|
||||
Patch109: fix-CVE-2024-6387.patch
|
||||
%if 0%{with allow_root_password_login_by_default}
|
||||
Patch1000: openssh-7.7p1-allow_root_password_login.patch
|
||||
%endif
|
||||
|
Loading…
Reference in New Issue
Block a user