[AUTO-CHERRYPICK] openssh: fix "regresshion" CVE, CVE-2024-6387, with…

… patch from debian. - branch main (#9565) Co-authored-by: SeanDougherty <sdougherty@microsoft.com>
microsoft · Jul 11, 2024 · 450c3cc · 450c3cc
1 parent 8728caa
commit 450c3cc
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/SPECS/openssh/CVE-2024-6387.patch b/SPECS/openssh/CVE-2024-6387.patch
@@ -0,0 +1,32 @@
+From 46bbf63bfa678cfb48ba8f2c0012101db5b3c691 Mon Sep 17 00:00:00 2001
+From: Sean Dougherty <sdougherty@microsoft.com>
+Date: Tue, 2 Jul 2024 18:20:49 +0000
+Subject: [PATCH] Description: fix signal handler race condition for
+ Regresshion CVE. https://nvd.nist.gov/vuln/detail/CVE-2024-6387
+
+---
+ log.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/log.c b/log.c
+index 99bf046..2d231ca 100644
+--- a/log.c
++++ b/log.c
+@@ -451,12 +451,13 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+-
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+
+-- 
+2.39.4
+
diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec
@@ -3,7 +3,7 @@
 Summary: Free version of the SSH connectivity tools
 Name: openssh
 Version: %{openssh_ver}
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -46,6 +46,8 @@ Patch318: CVE-2023-48795-0008-upstream-Limit-number-of-entries-in-SSH2_MSG
 Patch319: CVE-2023-48795-0009-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
 # Patch for CVE-2023-28531 can be removed if openssh is upgraded to version 9.3p1 or greater
 Patch350: CVE-2023-28531.patch
+# Patch for CVE-2024-6387 can be removed if openssh is upgraded to version 9.8p1 or greater
+Patch351: CVE-2024-6387.patch
 BuildRequires: audit-devel
 BuildRequires: autoconf
 BuildRequires: e2fsprogs-devel
@@ -131,6 +133,7 @@ popd
 %patch318 -p1 -b .cve-2023-48795-0008
 %patch319 -p1 -b .cve-2023-48795-0009
 %patch350 -p1 -b .cve-2023-28531
+%patch351 -p1 -b .cve-2024-6387
 
 %build
 export CFLAGS="$CFLAGS -fpic"
@@ -287,6 +290,9 @@ fi
 %{_mandir}/man8/ssh-sk-helper.8.gz
 
 %changelog
+* Tue Jul 2 2024 Sean Dougherty <sdougherty@microsoft.com> - 8.9p1-6
+- Add patch for CVE-2024-6387 (a.k.a. "regresshion") using Debian's source as guidance.
+
 * Tue Jun 25 2024 Sam Meluch <sammeluch@microsoft.com> - 8.9p1-5
 - Add patch for CVE-2023-28531