Date:      Mon, 1 Jul 2024 10:55:36 GMT
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 66a620a734b4 - main - security/vuxml: Document OpenSSH vulnerability
Message-ID:  <202407011055.461AtaUt039539@gitrepo.freebsd.org>

The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=66a620a734b489596452f342224330207c6e23b1

commit 66a620a734b489596452f342224330207c6e23b1
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2024-07-01 10:55:32 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2024-07-01 10:55:32 +0000

    security/vuxml: Document OpenSSH vulnerability
---
 security/openssh-portable/Makefile                 | 13 +++++---
 .../openssh-portable/files/patch-CVE-2024-6387     | 36 ++++++++++++++++++++++
 security/vuxml/vuln/2024.xml                       | 26 ++++++++++++++++
 3 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index ccf46bb23850..65f88b3e3f82 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssh
 DISTVERSION=	9.7p1
-PORTREVISION=	0
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
@@ -23,7 +23,6 @@ GNU_CONFIGURE=		yes
 GNU_CONFIGURE_MANPREFIX=	${PREFIX}/share
 CONFIGURE_ARGS=		--prefix=${PREFIX} \
 			--without-zlib-version-check \
-			--with-ssl-engine \
 			--with-mantype=man
 
 ETCOLD=			${PREFIX}/etc
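Review bot: Removing `--with-ssl-engine` from CONFIGURE_ARGS here, together with the new OPENSSL option in the OPTIONS_DEFINE/OPTIONS_DEFAULT, OPENSSL_DESC and OPENSSL_CONFIGURE_ON/OFF hunks below, is a functional build change that the commit message ("Document OpenSSH vulnerability") does not mention; a line such as `Add OPENSSL option (default on); --without-openssl builds are experimental` would tell readers of the log why a vuxml commit touches the port's configure flags. Because OPENSSL is in OPTIONS_DEFAULT, default builds still pass `--with-ssl-engine`, so the observable change is limited to users who turn the option off. The CONFIGURE_ARGS assignment begins in the context lines above the removed line and is otherwise unchanged.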
@@ -42,8 +41,8 @@ gssapi_PKGNAMESUFFIX=		-portable-gssapi
 
 OPTIONS_DEFINE=		DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
 			HPN KERB_GSSAPI \
-			LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD
-OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F
+			LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD OPENSSL
+OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F OPENSSL
 .if ${FLAVOR:U} == hpn
 OPTIONS_DEFAULT+=	HPN NONECIPHER
 .endif
@@ -64,6 +63,7 @@ NONECIPHER_DESC=	NONE Cipher support
 XMSS_DESC=		XMSS key support (experimental)
 FIDO_U2F_DESC=		FIDO/U2F support (security/libfido2)
 BLACKLISTD_DESC=	FreeBSD blacklistd(8) support
+OPENSSL_DESC=		Use of OpenSSL; when disabled use only limited internal crypto **EXPERIMENTAL**
 
 OPTIONS_SUB=		yes
 
@@ -94,6 +94,9 @@ FIDO_U2F_CONFIGURE_OFF=	--disable-security-key
 
 BLACKLISTD_EXTRA_PATCHES=	${FILESDIR}/extra-patch-blacklistd
 
+OPENSSL_CONFIGURE_ON=	--with-ssl-engine
+OPENSSL_CONFIGURE_OFF=	--without-openssl
+
 ETCDIR?=		${PREFIX}/etc/ssh
 
 .include <bsd.port.pre.mk>
@@ -209,6 +212,8 @@ post-patch:
 	    ${WRKSRC}/sshd_config.5
 	@${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT	"${VERSION_ADDENDUM_DEFAULT}"' >> \
 		${WRKSRC}/version.h
+	@${REINPLACE_CMD} \
+	    -e 's|BLACKLIST_BAD_USER|BLACKLIST_AUTH_FAIL|' ${WRKSRC}/auth.c
 
 post-configure-XMSS-on:
 	@${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h
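Review bot: The added REINPLACE_CMD rewriting `BLACKLIST_BAD_USER` to `BLACKLIST_AUTH_FAIL` in auth.c sits in the unconditional `post-patch:` target, while that identifier presumably only exists in the source after the BLACKLISTD option's extra patch (`BLACKLISTD_EXTRA_PATCHES`) has been applied, so on builds with BLACKLISTD off the substitution has nothing to match. Moving it under an option-specific target, `post-patch-BLACKLISTD-on:` in the style of the `post-configure-XMSS-on:` target directly below, scopes the edit to the builds that need it and avoids a no-op reinplace. It is also unrelated to the CVE fix this commit ships and deserves its own mention in the commit message. The `post-patch:` target begins outside the hunk.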
diff --git a/security/openssh-portable/files/patch-CVE-2024-6387 b/security/openssh-portable/files/patch-CVE-2024-6387
new file mode 100644
index 000000000000..65d0fe4323a4
--- /dev/null
+++ b/security/openssh-portable/files/patch-CVE-2024-6387
@@ -0,0 +1,36 @@
+From 8f80def8aa085385dc4fe4668f0e29d3a0dc8510 Mon Sep 17 00:00:00 2001
+From: Philip Paeps <philip@FreeBSD.org>
+Date: Mon, 1 Jul 2024 16:20:01 +0800
+Subject: openssh: Fix pre-authentication remote code execution in sshd.
+
+Reported by:	Qualys Threat Research Unit (TRU)
+Approved by:	so
+Security:	FreeBSD-SA-24:04.openssh
+Security:	CVE-2024-6387
+
+(cherry picked from commit 2abea9df01655633aabbb9bf3204c90722001202)
+(cherry picked from commit 620a6a54bb7bb6e1c5607092b6ec49e353e0925f)
+---
+ crypto/openssh/log.c     | 2 ++
+ crypto/openssh/version.h | 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c
+index 9fc1a2e2eaf6..436c75630181 100644
+--- log.c.orig
++++ log.c
+@@ -451,12 +451,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
++#endif
+ 	_exit(1);
+ }
+ 
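Review bot: The patch's embedded preamble is stale relative to the hunk it ships: the diffstat lists `crypto/openssh/version.h | 2 +-` and `3 insertions(+), 1 deletion(-)`, but only the log.c hunk with two added lines follows, and the `--- log.c.orig`/`+++ log.c` headers no longer match the `diff --git a/crypto/openssh/log.c` line kept above them; trimming the preamble to what is actually applied avoids misleading anyone auditing what the port changes. The change itself makes `sshsigdie()` call `_exit(1)` without formatting or logging the message its callers pass, presumably because the logging path is not safe to run from a signal handler, yet nothing in the patch records that intent; a comment on the `#if 0` such as `/* CVE-2024-6387: do not log from the signal path; exit immediately. */` would explain why the log line is deliberately dropped. Operators who relied on that message for detection should be told it is no longer emitted by this build.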
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 7c50552a00d0..f557f664f995 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,29 @@
+  <vuln vid="f1a00122-3797-11ef-b611-84a93843eb75">
+    <topic>OpenSSH -- Race condition resulting in potential remote code execution</topic>
+    <affects>
+      <package>
+	<name>openssh-portable</name>
+	<range><lt>9.7_1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The OpenSSH project reports:</p>
+	<blockquote cite="https://www.openssh.com/security.html">;
+	  <p>A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-6387</cvename>
+      <url>https://www.openssh.com/security.html</url>;
+    </references>
+    <dates>
+      <discovery>2024-07-01</discovery>
+      <entry>2024-07-01</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="c742dbe8-3704-11ef-9e6e-b42e991fc52e">
     <topic>netatalk3 -- Multiple vulnerabilities</topic>
     <affects>
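Review bot: The affected range `<lt>9.7_1,1</lt>` should be checked against the package version the port actually produces: the Makefile hunk sets `DISTVERSION= 9.7p1`, `PORTEPOCH= 1` and bumps `PORTREVISION` to 1, and if the resulting version string keeps the `p1` component (as `9.7.p1_1,1` would) then `9.7_1,1` is not the fixed version and `pkg audit` may fail to flag the vulnerable build. The `;` characters trailing the `<body xmlns=...>`, `<blockquote cite=...>` and `<url>` tags look like mail-archive rendering artifacts; if they are really present in 2024.xml they are stray text nodes, which `make validate` in security/vuxml should reveal before the entry is published.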


