diff options
author | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-01-28 10:50:04 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-01-28 14:49:04 +0000 |
commit | f3dfb7c200389e08a362737fa27546e704907f0a (patch) | |
tree | b002c69c90babce09bbd3f6b55e0b7cc83cfce35 /meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch | |
parent | 3ba2ce25bdc78f660552d3d16272a551d434c527 (diff) | |
download | poky-f3dfb7c200389e08a362737fa27546e704907f0a.tar.gz |
openssh : upgrade to 6.1p1
(From OE-Core rev: 5534deb69b0a2835fbbf149a00d1f6ba61cc8160)
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch deleted file mode 100644 index 8489edcc82..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch +++ /dev/null | |||
@@ -1,27 +0,0 @@ | |||
1 | openssh-CVE-2011-4327 | ||
2 | |||
3 | A security flaw was found in the way ssh-keysign, | ||
4 | a ssh helper program for host based authentication, | ||
5 | attempted to retrieve enough entropy information on configurations that | ||
6 | lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would | ||
7 | be executed to retrieve the entropy from the system environment). | ||
8 | A local attacker could use this flaw to obtain unauthorized access to host keys | ||
9 | via ptrace(2) process trace attached to the 'ssh-rand-helper' program. | ||
10 | |||
11 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 | ||
12 | http://www.openssh.com/txt/portable-keysign-rand-helper.adv | ||
13 | |||
14 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
15 | --- a/ssh-keysign.c | ||
16 | +++ b/ssh-keysign.c | ||
17 | @@ -170,6 +170,10 @@ | ||
18 | key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | ||
19 | key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); | ||
20 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | ||
21 | + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || | ||
22 | + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 || | ||
23 | + fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0) | ||
24 | + fatal("fcntl failed"); | ||
25 | |||
26 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | ||
27 | if ((pw = getpwuid(original_real_uid)) == NULL) | ||