Accepting request 353717 from home:AndreasStieger:branches:network

Security update for OpenSSH
CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html

OBS-URL: https://build.opensuse.org/request/show/353717
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=93
Ismail Dönmez 2016-01-14 16:36:52 +00:00 committed by Git OBS Bridge
parent d9f8a6a210
commit 1c5ff2cc6c
4 changed files with 45 additions and 2 deletions


@ -0,0 +1,34 @@
References: https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html https://bugzilla.suse.com/show_bug.cgi?id=961645 https://bugzilla.suse.com/show_bug.cgi?id=961642
--- readconf.c 30 Jul 2015 00:01:34 -0000 1.239
+++ readconf.c 13 Jan 2016 23:17:23 -0000
@@ -1648,7 +1648,7 @@ initialize_options(Options * options)
options->tun_remote = -1;
options->local_command = NULL;
options->permit_local_command = -1;
- options->use_roaming = -1;
+ options->use_roaming = 0;
options->visual_host_key = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
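Review bot: In initialize_options(), `options->use_roaming = 0;` departs from the `-1` "unset" sentinel that every neighbouring field in this hunk uses, and nothing on the line says why. Add a short comment stating that roaming is forced off for CVE-2016-0777 and CVE-2016-0778, so that a later refresh of the patch does not restore the sentinel by mistake.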
@@ -1819,8 +1819,7 @@ fill_default_options(Options * options)
options->tun_remote = SSH_TUNID_ANY;
if (options->permit_local_command == -1)
options->permit_local_command = 0;
- if (options->use_roaming == -1)
- options->use_roaming = 1;
+ options->use_roaming = 0;
if (options->visual_host_key == -1)
options->visual_host_key = 0;
if (options->ip_qos_interactive == -1)
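Review bot: In fill_default_options(), the unconditional `options->use_roaming = 0;` overwrites whatever value was stored before this function runs, so a configuration that enables roaming is ignored without any message. That matches the changelog's stated intent to disable the roaming code, but it should be documented: a comment on this line and a sentence in the changelog entry saying the option no longer has any effect. It also makes the initialize_options() change redundant, which is acceptable as defence in depth but worth stating.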
--- ssh.c 30 Jul 2015 00:01:34 -0000 1.420
+++ ssh.c 13 Jan 2016 23:17:23 -0000
@@ -1882,9 +1882,6 @@ ssh_session2(void)
fork_postauth();
}
- if (options.use_roaming)
- request_roaming();
-
return client_loop(tty_flag, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, id);
}
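Review bot: In ssh_session2(), dropping the `if (options.use_roaming) request_roaming();` block removes the only use of the flag visible in this patch, while request_roaming() itself is left in place. Confirm that it has no other caller, and consider compiling the function out as well, so that the disabled path cannot be re-enabled by a future change that only touches the option.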


@ -1,7 +1,7 @@
# #
# spec file for package openssh-askpass-gnome # spec file for package openssh-askpass-gnome
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jan 14 15:35:55 UTC 2016 - astieger@suse.com
- CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code
to prevent information leak and buffer overflow
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 12 10:35:12 UTC 2015 - meissner@suse.com Mon Jan 12 10:35:12 UTC 2015 - meissner@suse.com


@ -1,7 +1,7 @@
# #
# spec file for package openssh # spec file for package openssh
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -152,6 +152,7 @@ Patch36: openssh-6.6p1-seccomp_getuid.patch
Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch
Patch38: openssh-6.6p1-fips-checks.patch Patch38: openssh-6.6p1-fips-checks.patch
Patch39: openssh-6.6p1-ldap.patch Patch39: openssh-6.6p1-ldap.patch
Patch40: CVE-2016-0777_CVE-2016-0778.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -227,6 +228,7 @@ cryptomodule.
%patch37 -p2 %patch37 -p2
%patch38 -p2 %patch38 -p2
%patch39 -p2 %patch39 -p2
%patch40 -p0
cp %{SOURCE3} %{SOURCE4} . cp %{SOURCE3} %{SOURCE4} .
%build %build
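Review bot: `%patch40 -p0` uses a different strip level from the `-p2` on patches 37 to 39 directly above it. The level matches the bare `--- readconf.c` and `--- ssh.c` headers in the new patch file, so it applies, but regenerating the patch with the same path prefix as the others would keep the %prep section uniform and avoid a silent misapply if the patch is refreshed later.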