Deployed 408a1d9 with MkDocs version: 1.6.0

2024-07-08 19:03:44 +00:00
parent b18126d54c
commit faaaab5fa2
19 changed files with 1299 additions and 26 deletions

View File

@ -295,6 +295,8 @@
@ -438,6 +440,27 @@
<li class="md-nav__item">
<a href="/issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -482,6 +482,8 @@
@ -625,6 +627,27 @@
<li class="md-nav__item">
<a href="issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>
@ -888,8 +911,8 @@
</code></pre></div>
<p>This isn't as secure as checking the package signature would be <em>if</em> you previously had our package signing public key, but on another distro you probably don't have that yet, so checking the digest against its copy obtained from this separate website is a best-effort measure.</p>
<h3 id="note">Note<a class="headerlink" href="#note" title="Permanent link">&para;</a></h3>
<p>Regardless of whether installing on Rocky or another EL distribution, the <code>security-common</code> repository comes disabled by default out of an abundance of caution because of the packages contained within the repository which override the base Rocky Linux packages.</p>
<p>In order to receive packages from the SIG, either enable the repository (<code>dnf config-mangager --enable security-common</code>), or activate for a single DNF transaction with <code>dnf --enablerepo=security-common install &lt;package&gt;</code>.</p>
<p>Regardless of whether installing on Rocky or another EL distribution, the <code>security-common</code> repository for EL9 comes disabled by default out of abundance of caution because of the packages contained within the repository that override the base Rocky Linux packages.</p>
<p>In order to receive packages from the SIG, either enable the repository (<code>dnf config-manager --enable security-common</code>), or activate for a single DNF transaction with <code>dnf --enablerepo=security-common install &lt;package&gt;</code>.</p>
<h2 id="packages">Packages<a class="headerlink" href="#packages" title="Permanent link">&para;</a></h2>
<h3 id="extra-packages-for-el8-and-el9">Extra packages (for EL8 and EL9)<a class="headerlink" href="#extra-packages-for-el8-and-el9" title="Permanent link">&para;</a></h3>
<ul>
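Review bot: The replacement Note paragraph reads "out of abundance of caution", dropping the article the old line had ("out of an abundance of caution"). Restore "an" in the Markdown source and redeploy. The <code>config-mangager</code> to <code>config-manager</code> correction in the following paragraph is right, since the old spelling would have failed when copied into a shell.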
@ -979,7 +1002,7 @@ More packages/changes are planned, including override packages also for EL8.</p>
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 3, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 8, 2024</span>
</span>

View File

@ -308,6 +308,8 @@
@ -525,6 +527,27 @@
<li class="md-nav__item">
<a href="../CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -308,6 +308,8 @@
@ -525,6 +527,27 @@
<li class="md-nav__item">
<a href="../CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -308,6 +308,8 @@
@ -534,6 +536,27 @@
<li class="md-nav__item">
<a href="../CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -308,6 +308,8 @@
@ -543,6 +545,27 @@
<li class="md-nav__item">
<a href="../CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -16,7 +16,7 @@
<link rel="prev" href="../CVE-2024-2961/">
<link rel="next" href="../../packages/control/">
<link rel="next" href="../CVE-2024-6409/">
<link rel="icon" href="../../assets/images/favicon.png">
@ -308,6 +308,8 @@
@ -534,6 +536,27 @@
<li class="md-nav__item">
<a href="../CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -0,0 +1,905 @@
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="The wiki for the Rocky Linux Security Special Interest Group">
<link rel="canonical" href="https://sig-security.rocky.page/issues/CVE-2024-6409/">
<link rel="prev" href="../CVE-2024-6387/">
<link rel="next" href="../../packages/control/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.0, mkdocs-material-9.5.28">
<title>CVE-2024-6409: openssh - SIG/Security Wiki</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.6543a935.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#cve-2024-6409-openssh" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="SIG/Security Wiki" class="md-header__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="../../assets/icon-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31Z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22Z"/></svg>
</label>
</form>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="SIG/Security Wiki" class="md-nav__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="../../assets/icon-white.svg" alt="logo">
</a>
SIG/Security Wiki
</label>
<div class="md-nav__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../news/" class="md-nav__link">
<span class="md-ellipsis">
News
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Issues
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Issues
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../CVE-2023-23583/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-23583: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CVE-2023-4911/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-4911: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CVE-2024-1086/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-1086: kernel
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CVE-2024-2961/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-2961: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../CVE-2024-6387/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6387: openssh
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#title" class="md-nav__link">
<span class="md-ellipsis">
Title
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#summary" class="md-nav__link">
<span class="md-ellipsis">
Summary
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#el9" class="md-nav__link">
<span class="md-ellipsis">
EL9
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#el8" class="md-nav__link">
<span class="md-ellipsis">
EL8
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#mitigation" class="md-nav__link">
<span class="md-ellipsis">
Mitigation
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Packages
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Packages
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../packages/control/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: control
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/glibc/" class="md-nav__link">
<span class="md-ellipsis">
Override package: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/hardened_malloc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: hardened_malloc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/lkrg/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: lkrg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/microcode_ctl/" class="md-nav__link">
<span class="md-ellipsis">
Override package: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/openssh/" class="md-nav__link">
<span class="md-ellipsis">
Override package: openssh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../packages/passwdqc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: passwdqc
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://git.resf.org/security/wiki/_edit/main/docs/issues/CVE-2024-6409.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4v-2m10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1 2.1 2.1Z"/></svg>
</a>
<h1 id="cve-2024-6409-openssh">CVE-2024-6409: openssh<a class="headerlink" href="#cve-2024-6409-openssh" title="Permanent link">&para;</a></h1>
<h2 id="title">Title<a class="headerlink" href="#title" title="Permanent link">&para;</a></h2>
<p>CVE-2024-6409: OpenSSH: Possible remote code execution in privsep child due to a race condition in signal handling</p>
<h2 id="summary">Summary<a class="headerlink" href="#summary" title="Permanent link">&para;</a></h2>
<p>As <a href="https://www.openwall.com/lists/oss-security/2024/07/08/2">discovered by Solar Designer (CIQ/Rocky Linux)</a>:</p>
<p>OpenSSH versions 8.7 and 8.8 and the corresponding portable releases call <code>cleanup_exit()</code> from <code>grace_alarm_handler()</code> when running in the privsep child process. <code>cleanup_exit()</code> was not meant to be called from a signal handler and may call other async-signal-unsafe functions. The current understanding is that in those upstream versions <code>cleanup_exit()</code> would not actually call async-signal-unsafe functions under those conditions, but with downstream distribution patches it sometimes does. Specifically, openssh-7.6p1-audit.patch found in Red Hat's package of OpenSSH adds code to <code>cleanup_exit()</code> that exposes the issue. Relevantly, this patch is found in EL 9, where the package is based on OpenSSH 8.7p1.</p>
<p>This is an EL9-specific issue similar to <a href="../CVE-2024-6387/">CVE-2024-6387 regreSSHion</a>.</p>
<p>Public disclosure date: July 8, 2024</p>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Fixed in version: <code>8.7p1-38.1.el9_4.security.0.7</code> available July 8, 2024</li>
</ul>
<h2 id="el8">EL8<a class="headerlink" href="#el8" title="Permanent link">&para;</a></h2>
<ul>
<li>Unaffected</li>
</ul>
<h2 id="mitigation">Mitigation<a class="headerlink" href="#mitigation" title="Permanent link">&para;</a></h2>
<p>Set <code>LoginGraceTime 0</code> in <code>/etc/ssh/sshd_config</code> and do a <code>systemctl restart sshd</code>.</p>
<p>A drawback of this mitigation is that it will make the SSH server more susceptible to denial of service attacks.</p>
<aside class="md-source-file">
<span class="md-source-file__fact">
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 8, 2024</span>
</span>
</aside>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12Z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Rocky Enterprise Software Foundation
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.fe8b6f2b.min.js"></script>
</body>
</html>
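Review bot: The Mitigation section of the new CVE-2024-6409 page gives "Set LoginGraceTime 0 in /etc/ssh/sshd_config and do a systemctl restart sshd" but offers no way to confirm the result. Consider adding a check of the effective setting (for example `sshd -T | grep -i logingracetime`) and of the installed package against the fixed version `8.7p1-38.1.el9_4.security.0.7` listed under EL9 (for example `rpm -q openssh-server`). The page names the denial-of-service drawback but does not say whether the setting should be reverted after updating to the fixed package; a sentence on that would help readers who applied the workaround first.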

View File

@ -322,6 +322,15 @@
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#july-8-2024" class="md-nav__link">
<span class="md-ellipsis">
July 8, 2024
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#july-1-2024" class="md-nav__link">
<span class="md-ellipsis">
@ -544,6 +553,8 @@
@ -687,6 +698,27 @@
<li class="md-nav__item">
<a href="../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>
@ -931,6 +963,9 @@
<h1 id="news">News<a class="headerlink" href="#news" title="Permanent link">&para;</a></h1>
<p>These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.</p>
<h2 id="july-8-2024">July 8, 2024<a class="headerlink" href="#july-8-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> <code>8.7p1-38.1.el9_4.security.0.7</code> for EL9 adds a fix for <a href="../issues/CVE-2024-6409/">CVE-2024-6409</a>,
an EL9-specific issue similar to <a href="../issues/CVE-2024-6387/">CVE-2024-6387 regreSSHion</a>.</p>
<h2 id="july-1-2024">July 1, 2024<a class="headerlink" href="#july-1-2024" title="Permanent link">&para;</a></h2>
<p><a href="../packages/openssh/">openssh</a> <code>8.7p1-38.el9_4.security.0.5</code> for EL9 adds a fix for <a href="../issues/CVE-2024-6387/">CVE-2024-6387 regreSSHion</a>.
EL8 is unaffected.</p>
@ -1013,7 +1048,7 @@ A typical facility is a SUID/SGID/setcap program or a configuration setting of a
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 1, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 8, 2024</span>
</span>

View File

@ -13,7 +13,7 @@
<link rel="canonical" href="https://sig-security.rocky.page/packages/control/">
<link rel="prev" href="../../issues/CVE-2024-6387/">
<link rel="prev" href="../../issues/CVE-2024-6409/">
<link rel="next" href="../glibc/">
@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

View File

@ -306,6 +306,8 @@
@ -449,6 +451,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>
@ -767,17 +790,23 @@
<h1 id="override-package-openssh">Override package: openssh<a class="headerlink" href="#override-package-openssh" title="Permanent link">&para;</a></h1>
<h2 id="el9">EL9<a class="headerlink" href="#el9" title="Permanent link">&para;</a></h2>
<ul>
<li>Version <code>8.7p1-38.el9_4.security.0.5</code></li>
<li>Based on <code>8.7p1-38.el9</code></li>
<li>Version <code>8.7p1-38.1.el9_4.security.0.7</code></li>
<li>Based on <code>8.7p1-38.el9_4.1</code></li>
</ul>
<h3 id="changes-summary">Changes summary<a class="headerlink" href="#changes-summary" title="Permanent link">&para;</a></h3>
<ul>
<li>Instead of linking against <code>libsystemd</code>, load it dynamically in a temporary child process to avoid polluting actual <code>sshd</code>'s address space with that library and its many dependencies (shortens <code>ldd sshd</code> output from 28 to 20 lines)</li>
<li>Build without Kerberos support (further shortens <code>ldd sshd</code> from 20 to 13 lines)</li>
<li>Fix CVE-2024-6387 regreSSHion</li>
<li>Fix <a href="../../issues/CVE-2024-6409/">CVE-2024-6409</a></li>
</ul>
<h3 id="change-log">Change log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>* Mon Jul 01 2024 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-38.el9_4.security.0.5
<div class="highlight"><pre><span></span><code>* Mon Jul 08 2024 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-38.1.el9_4.security.0.7
- Fix CVE-2024-6409
* Mon Jul 08 2024 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-38.1.el9_4.security.0.6
- Rebase on 8.7p1-38.1
* Mon Jul 01 2024 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-38.el9_4.security.0.5
- Fix CVE-2024-6387 regreSSHion
* Mon May 20 2024 Solar Designer &lt;solar@openwall.com&gt; 8.7p1-38.el9_4.security.0.4
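Review bot: The new "Based on" line gives the base release as `8.7p1-38.el9_4.1`, while the package version (`8.7p1-38.1.el9_4.security.0.7`) and the change log entry ("Rebase on 8.7p1-38.1") put the `.1` before the dist tag. Please confirm which form matches the base package and note the difference if it is intentional, so readers comparing against `rpm -q` output are not confused. Also, the added "Fix CVE-2024-6409" item links to its issue page but the "Fix CVE-2024-6387 regreSSHion" item directly above it does not; linking both would be consistent.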
@ -824,7 +853,7 @@
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 1, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 8, 2024</span>
</span>

View File

@ -304,6 +304,8 @@
@ -447,6 +449,27 @@
<li class="md-nav__item">
<a href="../../issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>

File diff suppressed because one or more lines are too long

View File

@ -2,72 +2,77 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://sig-security.rocky.page/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/news/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-23583/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2023-4911/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-1086/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-2961/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-6387/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/issues/CVE-2024-6409/</loc>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/control/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/glibc/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/hardened_malloc/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/lkrg/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/microcode_ctl/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/openssh/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://sig-security.rocky.page/packages/passwdqc/</loc>
<lastmod>2024-07-03</lastmod>
<lastmod>2024-07-08</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.