From b5cc72b1423a26e03f6dd2a729d4ff58046ccc01 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Mon, 1 Jul 2024 13:12:16 +0200 Subject: [PATCH] openssh 8.7p1-38.el9_4.security.0.5 --- docs/issues/CVE-2024-6387.md | 30 ++++++++++++++++++++++++++++++ docs/news.md | 5 +++++ docs/packages/openssh.md | 6 +++++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 docs/issues/CVE-2024-6387.md diff --git a/docs/issues/CVE-2024-6387.md b/docs/issues/CVE-2024-6387.md new file mode 100644 index 0000000..74b137a --- /dev/null +++ b/docs/issues/CVE-2024-6387.md @@ -0,0 +1,30 @@ +# CVE-2024-6387: openssh + +## Title + +CVE-2024-6387: regreSSHion: remote code execution (RCE) in OpenSSH server, exploitable at least on glibc-based Linux systems + +## Summary + +As [discovered by Qualys](https://www.openwall.com/lists/oss-security/2024/07/01/3) and +[summarized by OpenSSH upstream](https://www.openwall.com/lists/oss-security/2024/07/01/1): + +A critical vulnerability in sshd(8) was present in Portable OpenSSH versions 8.5p1 [to] 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges. + +Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon. + +Public disclosure date: July 1, 2024 + +## EL9 + +- Fixed in version: `8.7p1-38.el9_4.security.0.5` available July 1, 2024 + +## EL8 + +- Unaffected + +## Mitigation + +Set `LoginGraceTime 0` in `/etc/ssh/sshd_config` and do a `systemctl restart sshd`. + +A drawback of this mitigation is that it will make the SSH server more susceptible to denial of service attacks. diff --git a/docs/news.md b/docs/news.md index 5dc7869..cce6c53 100644 --- a/docs/news.md +++ b/docs/news.md 
@@ -2,6 +2,11 @@ These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits. +## July 1, 2024 + +[openssh](packages/openssh.md) `8.7p1-38.el9_4.security.0.5` for EL9 adds a fix for [CVE-2024-6387 regreSSHion](issues/CVE-2024-6387.md). +EL8 is unaffected. + ## June 13, 2024 [glibc](packages/glibc.md) `2.34-100.2.el9_4.security.0.9` is a rebase on `2.34-100.el9_4.2`, diff --git a/docs/packages/openssh.md b/docs/packages/openssh.md index b92a78b..260d6fe 100644 --- a/docs/packages/openssh.md +++ b/docs/packages/openssh.md @@ -2,17 +2,21 @@ ## EL9 -- Version `8.7p1-38.el9_4.security.0.4` +- Version `8.7p1-38.el9_4.security.0.5` - Based on `8.7p1-38.el9` ### Changes summary - Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines) - Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines) +- Fix CVE-2024-6387 regreSSHion ### Change log ``` +* Mon Jul 01 2024 Solar Designer 8.7p1-38.el9_4.security.0.5 +- Fix CVE-2024-6387 regreSSHion + * Mon May 20 2024 Solar Designer 8.7p1-38.el9_4.security.0.4 - Rebase on 8.7p1-38
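Review bot: in docs/issues/CVE-2024-6387.md, the Mitigation section gives no way to confirm that `LoginGraceTime 0` is actually in effect after the restart, and does not say who needs it. sshd uses the first value it obtains for a keyword, so a value set earlier in the configuration (for example in an included file) would win over the line the reader adds. Suggest adding a check such as `sshd -T | grep -i logingracetime` after the `systemctl restart sshd` step, and stating that the mitigation is meant for EL9 systems that cannot yet install `8.7p1-38.el9_4.security.0.5`. The drawback sentence would also be more useful if it named the mechanism: with no grace timeout, unauthenticated connections are never dropped and can hold connection slots indefinitely.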
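Review bot: in docs/news.md, the July 1, 2024 entry names the CVE but not its impact, so a reader scanning the news list cannot tell this is an urgent update rather than a routine one. Suggest carrying over the wording from the issue page title, for example "adds a fix for the remote code execution vulnerability CVE-2024-6387 regreSSHion in the OpenSSH server".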
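Review bot: in docs/packages/openssh.md, the new "Fix CVE-2024-6387 regreSSHion" bullet under "Changes summary" is plain text, while the same patch creates docs/issues/CVE-2024-6387.md and docs/news.md links to it. Suggest linking the bullet to `../issues/CVE-2024-6387.md` so readers of the package page can reach the affected versions and the mitigation. The identical line inside the fenced change log can stay as it is.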