From bdce08215396e5ab99ada5fa0f62c3b002a44582 Mon Sep 17 00:00:00 2001 From: Li Wang Date: Tue, 27 Nov 2012 14:13:21 +0800 Subject: openssh: CVE-2011-4327 A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] Signed-off-by: Li Wang Signed-off-by: Richard Purdie --- .../openssh-6.0p1/openssh-CVE-2011-4327.patch | 27 ++++++++++++++++++++++ meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 3 ++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch (limited to 'meta') diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch new file mode 100644 index 0000000000..8489edcc82 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch @@ -0,0 +1,27 @@ +openssh-CVE-2011-4327 + +A security flaw was found in the way ssh-keysign, +a ssh helper program for host based authentication, +attempted to retrieve enough entropy information on configurations that +lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would +be executed to retrieve the entropy from the system environment). +A local attacker could use this flaw to obtain unauthorized access to host keys +via ptrace(2) process trace attached to the 'ssh-rand-helper' program. + +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 +http://www.openssh.com/txt/portable-keysign-rand-helper.adv + +Signed-off-by: Li Wang +--- a/ssh-keysign.c ++++ b/ssh-keysign.c +@@ -170,6 +170,10 @@ + key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); + key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); ++ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || ++ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 || ++ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0) ++ fatal("fcntl failed"); + + original_real_uid = getuid(); /* XXX readconf.c needs this */ + if ((pw = getpwuid(original_real_uid)) == NULL) diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb index 31202d4284..df77040099 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb @@ -7,7 +7,7 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" -PR = "r3" +PR = "r4" DEPENDS = "zlib openssl" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshd_config \ file://ssh_config \ file://init \ + file://openssh-CVE-2011-4327.patch \ ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" PAM_SRC_URI = "file://sshd" -- cgit v1.2.3