From b7caf1c02f614d9f25abd90b8763b46d255a460f Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Thu, 25 Feb 2016 16:38:50 +0100
Subject: [PATCH] Fix CVE-2016-0739 resolves: #1311259
---
 CVE-2016-0739-v0-6.patch | 70 ++++++++++++++++++++++++++++++++++++++++
 libssh.spec | 10 +++++-
 2 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2016-0739-v0-6.patch
diff --git a/CVE-2016-0739-v0-6.patch b/CVE-2016-0739-v0-6.patch
new file mode 100644
index 0000000..4f3d1a8
--- /dev/null
+++ b/CVE-2016-0739-v0-6.patch
@@ -0,0 +1,70 @@
+From 1fd92622d87787d183099defb15a5e7bb4e2c875 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis
+Date: Tue, 9 Feb 2016 15:09:27 +0100
+Subject: [PATCH] dh: Fix CVE-2016-0739
+
+Due to a byte/bit confusion, the DH secret was too short. This file was
+completely reworked and will be commited in a future version.
+
+Signed-off-by: Aris Adamantiadis
+Reviewed-by: Andreas Schneider
+---
+ src/dh.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/dh.c b/src/dh.c
+index 010a1dd..7a817e8 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, bignum num) {
+ }
+
+ int dh_generate_x(ssh_session session) {
++ int keysize;
++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
++ keysize = 1023;
++ } else {
++ keysize = 2047;
++ }
+ session->next_crypto->x = bignum_new();
+ if (session->next_crypto->x == NULL) {
+ return -1;
+ }
+
+ #ifdef HAVE_LIBGCRYPT
+- bignum_rand(session->next_crypto->x, 128);
++ bignum_rand(session->next_crypto->x, keysize);
+ #elif defined HAVE_LIBCRYPTO
+- bignum_rand(session->next_crypto->x, 128, 0, -1);
++ bignum_rand(session->next_crypto->x, keysize, -1, 0);
+ #endif
+
+ /* not harder than this */
+@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) {
+
+ /* used by server */
+ int dh_generate_y(ssh_session session) {
+- session->next_crypto->y = bignum_new();
++ int keysize;
++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
++ keysize = 1023;
++ } else {
++ keysize = 2047;
++ }
++ session->next_crypto->y = bignum_new();
+ if (session->next_crypto->y == NULL) {
+ return -1;
+ }
+
+ #ifdef HAVE_LIBGCRYPT
+- bignum_rand(session->next_crypto->y, 128);
++ bignum_rand(session->next_crypto->y, keysize);
+ #elif defined HAVE_LIBCRYPTO
+- bignum_rand(session->next_crypto->y, 128, 0, -1);
++ bignum_rand(session->next_crypto->y, keysize, -1, 0);
+ #endif
+
+ /* not harder than this */
+--
+2.5.0
+
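Review bot: The return value of `bignum_rand()` is still discarded in both `dh_generate_x` and `dh_generate_y`, so a failed random draw would leave the freshly allocated `x`/`y` without a random value while the key exchange carries on with a weak DH secret. If the libcrypto variant forwards the result of `BN_rand()` (the macro definition is not visible in this patch), the call should be checked, e.g. `if (bignum_rand(session->next_crypto->x, keysize, -1, 0) != 1) return -1;`, with the equivalent for `y`. The constants deserve a comment such as `/* bignum_rand() takes a length in bits, not bytes: 1023 for group1, 2047 otherwise */`, since a byte/bit mix-up in this argument is exactly what the commit message describes. The `else` branch silently treats every other `kex_type` as needing 2047 bits, which presumably holds only while these functions are reached for the two classic DH groups. Both function bodies continue past the end of their hunks, so what follows `/* not harder than this */` cannot be judged from here.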
diff --git a/libssh.spec b/libssh.spec
index d764b27..3776003 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,6 +1,6 @@
 Name: libssh
 Version: 0.6.5
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A library implementing the SSH protocol
 License: LGPLv2+
 URL: http://www.libssh.org
@@ -9,6 +9,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Source0: https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz
+Patch0: CVE-2016-0739-v0-6.patch
+
 BuildRequires: cmake
 BuildRequires: doxygen
 BuildRequires: openssl-devel
@@ -36,6 +38,9 @@ applications that use %{name}.
 %prep
 %setup -q
+
+%patch0 -p1 -b .CVE-2016-0739-v0-6.patch
+
 # Remove examples, they are not packaged and do not build on EPEL 5
 sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
 rm -rf examples
@@ -88,6 +93,9 @@ rm -rf %{buildroot}
 %{_libdir}/libssh_threads.so
 %changelog
+* Thu Feb 25 2016 Andreas Schneider - 0.6.5-2
+- resolves: #1311259 - Fix CVE-2016-0739
+
 * Thu Apr 30 2015 Andreas Schneider - 0.6.5-1
 - resolves: #1213775 - Security fix for CVE-2015-3146
 - resolves: #1218077 - Security fix for CVE-2015-3146