diff --git a/CVE-2016-0777_CVE-2016-0778.patch b/CVE-2016-0777_CVE-2016-0778.patch new file mode 100644 index 0000000..ca2c704 --- /dev/null +++ b/CVE-2016-0777_CVE-2016-0778.patch @@ -0,0 +1,34 @@ +References: https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html https://bugzilla.suse.com/show_bug.cgi?id=961645 https://bugzilla.suse.com/show_bug.cgi?id=961642 +--- readconf.c 30 Jul 2015 00:01:34 -0000 1.239 ++++ readconf.c 13 Jan 2016 23:17:23 -0000 +@@ -1648,7 +1648,7 @@ initialize_options(Options * options) + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; +- options->use_roaming = -1; ++ options->use_roaming = 0; + options->visual_host_key = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; +@@ -1819,8 +1819,7 @@ fill_default_options(Options * options) + options->tun_remote = SSH_TUNID_ANY; + if (options->permit_local_command == -1) + options->permit_local_command = 0; +- if (options->use_roaming == -1) +- options->use_roaming = 1; ++ options->use_roaming = 0; + if (options->visual_host_key == -1) + options->visual_host_key = 0; + if (options->ip_qos_interactive == -1) +--- ssh.c 30 Jul 2015 00:01:34 -0000 1.420 ++++ ssh.c 13 Jan 2016 23:17:23 -0000 +@@ -1882,9 +1882,6 @@ ssh_session2(void) + fork_postauth(); + } + +- if (options.use_roaming) +- request_roaming(); +- + return client_loop(tty_flag, tty_flag ? + options.escape_char : SSH_ESCAPECHAR_NONE, id); + } diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 5ec7720..6410b72 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/openssh.changes b/openssh.changes index df0fd69..74240a0 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Jan 14 15:35:55 UTC 2016 - astieger@suse.com + +- CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645 + Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code + to prevent information leak and buffer overflow + ------------------------------------------------------------------- Mon Jan 12 10:35:12 UTC 2015 - meissner@suse.com diff --git a/openssh.spec b/openssh.spec index 4d41e7a..d44cb90 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -152,6 +152,7 @@ Patch36: openssh-6.6p1-seccomp_getuid.patch Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch Patch38: openssh-6.6p1-fips-checks.patch Patch39: openssh-6.6p1-ldap.patch +Patch40: CVE-2016-0777_CVE-2016-0778.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -227,6 +228,7 @@ cryptomodule. %patch37 -p2 %patch38 -p2 %patch39 -p2 +%patch40 -p0 cp %{SOURCE3} %{SOURCE4} . %build