Fix vulnerabilities published with openssh-7.1p2 (#1298626)
* CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature * Fix an out of-bound read access in the packet handling code
This commit is contained in:
Jakub Jelen
parent
2cc5f8d34f
commit
5cbd391da9
|
|
@ -0,0 +1,79 @@
|
|||
From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001
|
||||
From: "djm@openbsd.org" <djm@openbsd.org>
|
||||
Date: Sun, 8 Nov 2015 21:59:11 +0000
|
||||
Subject: upstream commit
|
||||
|
||||
fix OOB read in packet code caused by missing return
|
||||
statement found by Ben Hawkes; ok markus@ deraadt@
|
||||
|
||||
Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
|
||||
---
|
||||
packet.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/packet.c b/packet.c
|
||||
index 01d3e29..7b5c419 100644
|
||||
--- a/packet.c
|
||||
+++ b/packet.c
|
||||
@@ -1581,6 +1581,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
|
||||
logit("Bad packet length %u.", state->packlen);
|
||||
if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0)
|
||||
return r;
|
||||
+ return SSH_ERR_CONN_CORRUPT;
|
||||
}
|
||||
sshbuf_reset(state->incoming_packet);
|
||||
} else if (state->packlen == 0) {
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
||||
From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001
|
||||
From: Damien Miller <djm@mindrot.org>
|
||||
Date: Fri, 15 Jan 2016 01:30:36 +1100
|
||||
Subject: forcibly disable roaming support in the client
|
||||
|
||||
---
|
||||
readconf.c | 5 ++---
|
||||
ssh.c | 3 ---
|
||||
2 files changed, 2 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/readconf.c b/readconf.c
|
||||
index 0a38091..dd67811 100644
|
||||
--- a/readconf.c
|
||||
+++ b/readconf.c
|
||||
@@ -1713,7 +1713,7 @@ initialize_options(Options * options)
|
||||
options->tun_remote = -1;
|
||||
options->local_command = NULL;
|
||||
options->permit_local_command = -1;
|
||||
- options->use_roaming = -1;
|
||||
+ options->use_roaming = 0;
|
||||
options->visual_host_key = -1;
|
||||
options->ip_qos_interactive = -1;
|
||||
options->ip_qos_bulk = -1;
|
||||
@@ -1889,8 +1889,7 @@ fill_default_options(Options * options)
|
||||
options->tun_remote = SSH_TUNID_ANY;
|
||||
if (options->permit_local_command == -1)
|
||||
options->permit_local_command = 0;
|
||||
- if (options->use_roaming == -1)
|
||||
- options->use_roaming = 1;
|
||||
+ options->use_roaming = 0;
|
||||
if (options->visual_host_key == -1)
|
||||
options->visual_host_key = 0;
|
||||
if (options->ip_qos_interactive == -1)
|
||||
diff --git a/ssh.c b/ssh.c
|
||||
index 096c5b5..cf6eaeb 100644
|
||||
--- a/ssh.c
|
||||
+++ b/ssh.c
|
||||
@@ -1949,9 +1949,6 @@ ssh_session2(void)
|
||||
fork_postauth();
|
||||
}
|
||||
|
||||
- if (options.use_roaming)
|
||||
- request_roaming();
|
||||
-
|
||||
return client_loop(tty_flag, tty_flag ?
|
||||
options.escape_char : SSH_ESCAPECHAR_NONE, id);
|
||||
}
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
||||
|
||||
|
|
@ -236,6 +236,10 @@ Patch932: openssh-6.9p1-security-7.0.patch
|
|||
Patch933: openssh-6.9p1-show-more-fingerprints.patch
|
||||
# Add GSSAPIKexAlgorithms option for server and client application
|
||||
Patch934: openssh-6.9p1-gssKexAlgorithms.patch
|
||||
# Vulnerabilities published with openssh-7.1p2 (#1298626)
|
||||
# CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature
|
||||
# Fix an out of-bound read access in the packet handling code
|
||||
Patch935: openssh-6.9p1-security-7.1.patch
|
||||
|
||||
|
||||
License: BSD
|
||||
|
|
@ -463,6 +467,7 @@ popd
|
|||
%patch932 -p1 -b .security
|
||||
%patch933 -p1 -b .fingerprint
|
||||
%patch934 -p1 -b .gsskexalg
|
||||
%patch935 -p1 -b .security71
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch700 -p1 -b .fips
|
||||
|
|
|
|||
Loading…
Reference in New Issue