diff options
author | Li Wang <li.wang@windriver.com> | 2012-11-27 14:13:21 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2012-11-28 07:41:26 +0000 |
commit | b629d940304ec65c2d799e0aa44d03562a784bd6 (patch) | |
tree | 2832168b5944ceb31705266a585841283ff6e57f /meta/recipes-connectivity/openssh | |
parent | 8d1aed5dd236a82da9caae6c486c5165cd877d85 (diff) | |
download | poky-b629d940304ec65c2d799e0aa44d03562a784bd6.tar.gz |
openssh: CVE-2011-4327
A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
[YOCTO #3493]
(From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch | 27 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 3 |
2 files changed, 29 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch new file mode 100644 index 0000000000..8489edcc82 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | openssh-CVE-2011-4327 | ||
2 | |||
3 | A security flaw was found in the way ssh-keysign, | ||
4 | a ssh helper program for host based authentication, | ||
5 | attempted to retrieve enough entropy information on configurations that | ||
6 | lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would | ||
7 | be executed to retrieve the entropy from the system environment). | ||
8 | A local attacker could use this flaw to obtain unauthorized access to host keys | ||
9 | via ptrace(2) process trace attached to the 'ssh-rand-helper' program. | ||
10 | |||
11 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 | ||
12 | http://www.openssh.com/txt/portable-keysign-rand-helper.adv | ||
13 | |||
14 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
15 | --- a/ssh-keysign.c | ||
16 | +++ b/ssh-keysign.c | ||
17 | @@ -170,6 +170,10 @@ | ||
18 | key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | ||
19 | key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); | ||
20 | key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | ||
21 | + if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || | ||
22 | + fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 || | ||
23 | + fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0) | ||
24 | + fatal("fcntl failed"); | ||
25 | |||
26 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | ||
27 | if ((pw = getpwuid(original_real_uid)) == NULL) | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb index 31202d4284..df77040099 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb | |||
@@ -7,7 +7,7 @@ SECTION = "console/network" | |||
7 | LICENSE = "BSD" | 7 | LICENSE = "BSD" |
8 | LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" | 8 | LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" |
9 | 9 | ||
10 | PR = "r3" | 10 | PR = "r4" |
11 | 11 | ||
12 | DEPENDS = "zlib openssl" | 12 | DEPENDS = "zlib openssl" |
13 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | 13 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" |
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. | |||
23 | file://sshd_config \ | 23 | file://sshd_config \ |
24 | file://ssh_config \ | 24 | file://ssh_config \ |
25 | file://init \ | 25 | file://init \ |
26 | file://openssh-CVE-2011-4327.patch \ | ||
26 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" | 27 | ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" |
27 | 28 | ||
28 | PAM_SRC_URI = "file://sshd" | 29 | PAM_SRC_URI = "file://sshd" |