security/wiki
8
0
Fork 1
generated from sig_core/wiki-template
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: security:9ffc253e492d30ddc78200e4b6d81848a2c6c70e
Branches Tags
security:main
security:gh-pages
security:update/cve-2024-6387
..
compare: security:3cc4e716cc74db8446a57ce95260ade8446b8d06
Branches Tags
security:gh-pages
security:main
security:update/cve-2024-6387

No commits in common. "9ffc253e492d30ddc78200e4b6d81848a2c6c70e" and "3cc4e716cc74db8446a57ce95260ade8446b8d06" have entirely different histories.
9ffc253e49 ... 3cc4e716cc

3 changed files with 1 additions and 40 deletions
Show stats Expand all files Collapse all files

30
docs/issues/CVE-2024-6387.md
View file

@ -1,30 +0,0 @@
# CVE-2024-6387: openssh
## Title
CVE-2024-6387: regreSSHion: remote code execution (RCE) in OpenSSH server, exploitable at least on glibc-based Linux systems
## Summary
As [discovered by Qualys](https://www.openwall.com/lists/oss-security/2024/07/01/3) and
[summarized by OpenSSH upstream](https://www.openwall.com/lists/oss-security/2024/07/01/1):
A critical vulnerability in sshd(8) was present in Portable OpenSSH versions 8.5p1 [to] 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.
Public disclosure date: July 1, 2024
## EL9
- Fixed in version: `8.7p1-38.el9_4.security.0.5` available July 1, 2024
## EL8
- Unaffected
## Mitigation
Set `LoginGraceTime 0` in `/etc/ssh/sshd_config` and do a `systemctl restart sshd`.
A drawback of this mitigation is that it will make the SSH server more susceptible to denial of service attacks.

5
docs/news.md
View file

@ -2,11 +2,6 @@
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits. These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
## July 1, 2024
[openssh](packages/openssh.md) `8.7p1-38.el9_4.security.0.5` for EL9 adds a fix for [CVE-2024-6387 regreSSHion](issues/CVE-2024-6387.md).
EL8 is unaffected.
## June 13, 2024 ## June 13, 2024
[glibc](packages/glibc.md) `2.34-100.2.el9_4.security.0.9` is a rebase on `2.34-100.el9_4.2`, [glibc](packages/glibc.md) `2.34-100.2.el9_4.security.0.9` is a rebase on `2.34-100.el9_4.2`,

6
docs/packages/openssh.md
View file

@ -2,21 +2,17 @@
## EL9 ## EL9
- Version `8.7p1-38.el9_4.security.0.5` - Version `8.7p1-38.el9_4.security.0.4`
- Based on `8.7p1-38.el9` - Based on `8.7p1-38.el9`
### Changes summary ### Changes summary
- Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines) - Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines)
- Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines) - Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines)
- Fix CVE-2024-6387 regreSSHion
### Change log ### Change log
``` ```
* Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
- Fix CVE-2024-6387 regreSSHion
* Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4 * Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
- Rebase on 8.7p1-38 - Rebase on 8.7p1-38