diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2014-05-13 15:46:26 +0800 |
---|---|---|
committer | Andreas Oberritter <obi@opendreambox.org> | 2015-02-23 17:15:34 +0100 |
commit | 0d03c8dd20d7f61964e70ba15e34bb32ccc9202b (patch) | |
tree | 669c6956ef5d7dbd19a5afac2898d26cb14c8945 /meta/recipes-connectivity | |
parent | ab0e13f585a99f86417de7792354798f90772d28 (diff) | |
download | openembedded-core-contrib-0d03c8dd20d7f61964e70ba15e34bb32ccc9202b.tar.gz |
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a8d3b8979c27a8dc87971b66a1d9d9282f660596)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> (merge fixes)
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch | 22 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 3 |
2 files changed, 24 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch new file mode 100644 index 0000000000..3deaf3f0e9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch @@ -0,0 +1,22 @@ +Upstream-Status: Backport + +Fix for CVE-2014-2532 + +Backported from openssh-6.6p1.tar.gz + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- +--- a/session.c ++++ b/session.c +@@ -955,6 +955,11 @@ + u_int envsize; + u_int i, namelen; + ++ if (strchr(name, '=') != NULL) { ++ error("Invalid environment variable \"%.100s\"", name); ++ return; ++ } ++ + /* + * If we're passed an uninitialized list, allocate a single null + * entry before continuing. diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb index eb688b9552..88bad792af 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb @@ -27,7 +27,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshd.socket \ file://sshd@.service \ file://sshdgenkeys.service \ - file://volatiles.99_sshd " + file://volatiles.99_sshd \ + file://openssh-CVE-2014-2532.patch" PAM_SRC_URI = "file://sshd" |