From owner-svn-ports-head@FreeBSD.ORG Fri Nov 8 12:56:58 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 1BE863A9 for ; Fri, 8 Nov 2013 12:56:58 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id F0845279B for ; Fri, 8 Nov 2013 12:56:57 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rA8CuvEo060610 for ; Fri, 8 Nov 2013 12:56:57 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rA8CuvD0060606 for svn-ports-head@freebsd.org; Fri, 8 Nov 2013 12:56:57 GMT (envelope-from bdrewery) Received: (qmail 85808 invoked from network); 8 Nov 2013 06:56:56 -0600 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 8 Nov 2013 06:56:56 -0600 Message-ID: <527CDF90.6080809@FreeBSD.org> Date: Fri, 08 Nov 2013 06:56:48 -0600 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r333217 - head/security/vuxml References: <201311081250.rA8CoTAw082063@svn.freebsd.org> In-Reply-To: <201311081250.rA8CoTAw082063@svn.freebsd.org> X-Enigmail-Version: 1.6 OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7xogXJ8k51CajdTVOQK0DLDwm6KQKoI85" X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Nov 2013 12:56:58 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --7xogXJ8k51CajdTVOQK0DLDwm6KQKoI85 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 11/8/2013 6:50 AM, Bryan Drewery wrote: > Author: bdrewery > Date: Fri Nov 8 12:50:28 2013 > New Revision: 333217 > URL: http://svnweb.freebsd.org/changeset/ports/333217 >=20 > Log: > - Document memory corruption in security/openssh-portable >=20 > Modified: > head/security/vuxml/vuln.xml >=20 > Modified: head/security/vuxml/vuln.xml > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/security/vuxml/vuln.xml Fri Nov 8 12:46:34 2013 (r333216) > +++ head/security/vuxml/vuln.xml Fri Nov 8 12:50:28 2013 (r333217) > @@ -51,6 +51,51 @@ Note: Please add new entries to the beg > =20 > --> > > + > + OpenSSH -- Memory corruption in sshd > + > + > + openssh-portable > + 6.4p1,1 > + 6.2p2,1 > + > + > + openssh-portable-base > + 6.4p1,1 > + 6.2p2,1 > + > + > + > + > +

OpenSSH development team reports:

> +
> +

A memory corruption vulnerability exists in the post- > + authentication sshd process when an AES-GCM cipher > + (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is > + selected during kex exchange. > + > + If exploited, this vulnerability might permit code execution > + with the privileges of the authenticated user and may > + therefore allow bypassing restricted shell/command > + configurations.

> +

Either upgrade to 6.4 or disable AES-GCM in the server > + configuration. The following sshd_config option will disable > + AES-GCM while leaving other ciphers active: > + > + Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blow= fish-cbc,cast128-cbc,aes192-cbc,aes256-cbc > +

If there is a better way to note this please do modify. > +
> + > +
> + > + http://www.openssh.com/txt/gcmrekey.adv > + > + > + 2013-11-07 > + 2013-11-08 > + > +
> + > > Quassel IRC -- SQL injection vulnerability > >=20 --=20 Regards, Bryan Drewery --7xogXJ8k51CajdTVOQK0DLDwm6KQKoI85 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSfN+QAAoJEDXXcbtuRpfPoDsH+wfQZQPrM0oIgfTb2dZzZ8Mq k48qKN4koTD6nGBALvIR51QLQn/NoMEZETdGUkldsyc4CwvskTKYRYhI58OsTqmd yA2b7qohQpz6LQ4DQuXRmqWB9TO7MNMXj70/3oYy4v/wx+eVa5i9pqflWhHcqxDD O06+6hxgb6ph1piQD6tjLjyLmAcRbys8GGeTRMeNuawShxcAvJkTPrEp6itF30uM HPnjzj8uWfSxiupjPmEGJoT44lYv09rzoKvxnU6q6EvTq/BnOeUeX0tr0/9PsRnH eNv/c613JlGYJqrKGdvPUCO71mQp56212qRL/3l6+Un/uD1QuVRZqqB73n+vg1A= =sjTb -----END PGP SIGNATURE----- --7xogXJ8k51CajdTVOQK0DLDwm6KQKoI85--