diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2014-05-13 15:46:26 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-29 13:43:28 +0100 |
| commit | b6124bdbfba17cf15cc71fee7c5b9313dfa3c604 (patch) | |
| tree | 46a9a5c7e4d89718fd05a5d4dde16362b79db799 | |
| parent | 989013222e936362173fbc7125554ef119bbf758 (diff) | |
| download | poky-b6124bdbfba17cf15cc71fee7c5b9313dfa3c604.tar.gz | |
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
(From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596)
(From OE-Core rev: e5786afbfa79e1288d1df2401684c4c151c60406)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch | 22 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 3 |
2 files changed, 24 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch new file mode 100644 index 0000000000..3deaf3f0e9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | Upstream-Status: Backport | ||
| 2 | |||
| 3 | Fix for CVE-2014-2532 | ||
| 4 | |||
| 5 | Backported from openssh-6.6p1.tar.gz | ||
| 6 | |||
| 7 | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> | ||
| 8 | --- | ||
| 9 | --- a/session.c | ||
| 10 | +++ b/session.c | ||
| 11 | @@ -955,6 +955,11 @@ | ||
| 12 | u_int envsize; | ||
| 13 | u_int i, namelen; | ||
| 14 | |||
| 15 | + if (strchr(name, '=') != NULL) { | ||
| 16 | + error("Invalid environment variable \"%.100s\"", name); | ||
| 17 | + return; | ||
| 18 | + } | ||
| 19 | + | ||
| 20 | /* | ||
| 21 | * If we're passed an uninitialized list, allocate a single null | ||
| 22 | * entry before continuing. | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb index d19cc5a6b2..5e6c03c4a5 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb | |||
| @@ -27,7 +27,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. | |||
| 27 | file://sshd.socket \ | 27 | file://sshd.socket \ |
| 28 | file://sshd@.service \ | 28 | file://sshd@.service \ |
| 29 | file://sshdgenkeys.service \ | 29 | file://sshdgenkeys.service \ |
| 30 | file://volatiles.99_sshd " | 30 | file://volatiles.99_sshd \ |
| 31 | file://openssh-CVE-2014-2532.patch" | ||
| 31 | 32 | ||
| 32 | PAM_SRC_URI = "file://sshd" | 33 | PAM_SRC_URI = "file://sshd" |
| 33 | 34 | ||