FreeBSD Bugzilla – Attachment 251810 Details for Bug 280068
security/openssh-portable: Security fix for CVE-2024-6387
[patch]
git diff for security/openssh-portable
patch-security_openssh-portable-CVE-2024-6387[1] (text/plain), 1.68 KB, created by
Bernard Spil
on 2024-07-01 10:51:19 UTC
>diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile >index ccf46bb238..65f88b3e3f 100644 >--- a/security/openssh-portable/Makefile >+++ b/security/openssh-portable/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= openssh > DISTVERSION= 9.7p1 >-PORTREVISION= 0 >+PORTREVISION= 1 > PORTEPOCH= 1 > CATEGORIES= security > MASTER_SITES= OPENBSD/OpenSSH/portable >diff --git a/security/openssh-portable/files/patch-CVE-2024-6387 b/security/openssh-portable/files/patch-CVE-2024-6387 >new file mode 100644 >index 0000000000..65d0fe4323 >--- /dev/null >+++ b/security/openssh-portable/files/patch-CVE-2024-6387 >@@ -0,0 +1,36 @@ >+From 8f80def8aa085385dc4fe4668f0e29d3a0dc8510 Mon Sep 17 00:00:00 2001 >+From: Philip Paeps <philip@FreeBSD.org> >+Date: Mon, 1 Jul 2024 16:20:01 +0800 >+Subject: openssh: Fix pre-authentication remote code execution in sshd. >+ >+Reported by: Qualys Threat Research Unit (TRU) >+Approved by: so >+Security: FreeBSD-SA-24:04.openssh >+Security: CVE-2024-6387 >+ >+(cherry picked from commit 2abea9df01655633aabbb9bf3204c90722001202) >+(cherry picked from commit 620a6a54bb7bb6e1c5607092b6ec49e353e0925f) >+--- >+ crypto/openssh/log.c | 2 ++ >+ crypto/openssh/version.h | 2 +- >+ 2 files changed, 3 insertions(+), 1 deletion(-) >+ >+diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c >+index 9fc1a2e2eaf6..436c75630181 100644 >+--- log.c.orig >++++ log.c >+@@ -451,12 +451,14 @@ void >+ sshsigdie(const char *file, const char *func, int line, int showfunc, >+ LogLevel level, const char *suffix, const char *fmt, ...) >+ { >++#if 0 >+ va_list args; >+ >+ va_start(args, fmt); >+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, >+ suffix, fmt, args); >+ va_end(args); >++#endif >+ _exit(1); >+ } >+
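Review bot: In the security/openssh-portable/Makefile hunk, the fix is identifiable only through the PORTREVISION change from 0 to 1, because DISTVERSION stays at 9.7p1. The diff touches nothing but the Makefile and files/patch-CVE-2024-6387, so please say in the commit message that this revision carries the fix for CVE-2024-6387 / FreeBSD-SA-24:04.openssh, and confirm that the matching VuXML entry is being handled separately, so that users auditing installed packages can tell a fixed 9.7p1 from an unfixed one.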
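Review bot: In files/patch-CVE-2024-6387, the "#if 0" / "#endif" pair added to sshsigdie() in log.c has no comment saying why the va_start / sshlogv / va_end block is compiled out, leaving only "_exit(1);" as the function body. A one-line comment above the "#if 0" naming CVE-2024-6387 would stop a later patch refresh or upstream merge from quietly re-enabling the logging. It is also worth stating in the port's commit message that sshsigdie() no longer emits its SYSLOG_LEVEL_FATAL message, since anyone relying on that log line for monitoring will stop seeing it. Separately, the embedded diffstat lists "crypto/openssh/version.h | 2 +-" and "2 files changed, 3 insertions(+), 1 deletion(-)", but the file carries only the log.c hunk; either trim the diffstat or add a note that the version.h change was dropped on purpose for the port.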