Security fix for CVE-2014-8132.

resolves: #1072191
resolves: #1072741

CVE-2014-8132-libssh-0.5.5.patch

@@ -0,0 +1,46 @@
+From f2e14e00ff0afdb7e45a595dc4c5f9e50d413b4d Mon Sep 17 00:00:00 2001
+From: Jon Simons <jon@jonsimons.org>
+Date: Sat, 18 Oct 2014 23:23:26 -0700
+Subject: [PATCH] CVE-2014-8132: Fixup error path in ssh_packet_kexinit()
+
+Before this change, dangling pointers can be unintentionally left in the
+respective next_crypto kex methods slots.  Ensure to set all slots to
+NULL in the error-out path.
+
+Signed-off-by: Jon Simons <jon@jonsimons.org>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+(cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/kex.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index dedf286..db35183 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -286,7 +286,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+   for (i = 0; i < 10; i++) {
+     str = buffer_get_ssh_string(packet);
+     if (str == NULL) {
+-      break;
++      goto error;
+     }
+ 
+     if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) {
+@@ -333,6 +333,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+ error:
+   ssh_string_free(str);
+   for (i = 0; i < 10; i++) {
++    if (server_kex) {
++      session->server_kex.methods[i] = NULL;
++    } else {
++      session->client_kex.methods[i] = NULL;
++    }
+     SAFE_FREE(strings[i]);
+   }
+ 
+-- 
+2.2.0
+

libssh-0.5.5-CVE-2014-0017.patch

@@ -0,0 +1,98 @@
+commit 48f0bfc70363ca31c8889ca68759e587bc6d7cbd
+Author:     Aris Adamantiadis <aris@0xbadc0de.be>
+AuthorDate: Wed Feb 5 21:24:12 2014 +0100
+Commit:     Aris Adamantiadis <aris@0xbadc0de.be>
+CommitDate: Tue Mar 4 09:54:25 2014 +0100
+
+    security: fix for vulnerability CVE-2014-0017
+    
+    When accepting a new connection, a forking server based on libssh forks
+    and the child process handles the request. The RAND_bytes() function of
+    openssl doesn't reset its state after the fork, but simply adds the
+    current process id (getpid) to the PRNG state, which is not guaranteed
+    to be unique.
+    This can cause several children to end up with same PRNG state which is
+    a security issue.
+    
+    Conflicts:
+    	src/bind.c
+---
+ include/libssh/wrapper.h | 1 +
+ src/bind.c               | 3 ++-
+ src/libcrypto.c          | 9 +++++++++
+ src/libgcrypt.c          | 3 +++
+ 4 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+index 8c03497..b8cd4d2 100644
+--- a/include/libssh/wrapper.h
++++ b/include/libssh/wrapper.h
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_session session);
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+ 
++void ssh_reseed(void);
+ 
+ #endif /* WRAPPER_H_ */
+diff --git a/src/bind.c b/src/bind.c
+index cc79f8e..cdcdabe 100644
+--- a/src/bind.c
++++ b/src/bind.c
+@@ -374,7 +374,8 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
+   ssh_socket_get_poll_handle_out(session->socket);
+   session->dsa_key = dsa;
+   session->rsa_key = rsa;
+-
++  /* force PRNG to change state in case we fork after ssh_bind_accept */
++  ssh_reseed();
+   return SSH_OK;
+ }
+ 
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index f43a91e..0932cbe 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+ 
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++    struct timeval tv;
++    gettimeofday(&tv, NULL);
++    RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+   SHACTX c = malloc(sizeof(*c));
+   if (c == NULL) {
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index f8fe96f..9a7ea43 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++	}
++
+ SHACTX sha1_init(void) {
+   SHACTX ctx = NULL;
+   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.5.5
-Release:        1%{?dist}
+Release:        3%{?dist}
 Summary:        A library implementing the SSH2 protocol (0xbadc0de version)
 License:        LGPLv2+
 URL:            http://www.libssh.org/
@@ -11,6 +11,8 @@ Source0:        https://red.libssh.org/attachments/download/51/libssh-0.5.5.tar.
 Source1:        https://red.libssh.org/attachments/download/50/libssh-0.5.5.tar.asc
 Patch0:         libssh-0.5.4-disable-latex-documentation.patch
 Patch1:         libssh-0.5.4-fix-html-doc-generation.patch
+Patch2:         libssh-0.5.5-CVE-2014-0017.patch
+Patch3:         CVE-2014-8132-libssh-0.5.5.patch
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
@@ -38,6 +40,9 @@ applications that use %{name}.
 %setup -q
 %patch0 -p1 -b .disable-latex-documentation
 %patch1 -p1 -b .fix-html-doc-generation
+%patch2 -p1 -b .libssh-0.5.5-CVE-2014-0017.patch
+%patch3 -p1 -b .CVE-2014-8132-libssh-0.5.5.patch
+
 # Remove examples, they are not packaged and do not build on EPEL 5
 sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
 rm -fr examples
@@ -86,6 +91,13 @@ rm -rf %{buildroot}
 %{_libdir}/libssh_threads.so
 
 %changelog
+* Fri Dec 19 2014 - Andreas Schneider <asn@redhat.com> - 0.5.5-3
+- Security fix for CVE-2014-8132.
+
+* Wed Mar 05 2014 - Andreas Schneider <asn@redhat.com> - 0.5.5-2
+- resolves: #1072191 - Fix CVE-2014-0017.
+- resolves: #1072741 - Fix CVE-2014-0017.
+
 * Fri Jul 26 2013 - Andreas Schneider <asn@redhat.com> - 0.5.5-1
 - Update to 0.5.5.
 - Clenup the spec file.