diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2014-05-13 15:46:26 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-05-29 13:42:10 +0100 |
commit | e5786afbfa79e1288d1df2401684c4c151c60406 (patch) | |
tree | e5f8fbfeb622abd0c923034ea406e15bc5ad8398 | |
parent | 1a965b2ecca07d231a8058e453cbeafacc5b6c69 (diff) | |
download | openembedded-core-contrib-e5786afbfa79e1288d1df2401684c4c151c60406.tar.gz |
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
(From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch | 22 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 3 |
2 files changed, 24 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch new file mode 100644 index 0000000000..3deaf3f0e9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch @@ -0,0 +1,22 @@ +Upstream-Status: Backport + +Fix for CVE-2014-2532 + +Backported from openssh-6.6p1.tar.gz + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- +--- a/session.c ++++ b/session.c +@@ -955,6 +955,11 @@ + u_int envsize; + u_int i, namelen; + ++ if (strchr(name, '=') != NULL) { ++ error("Invalid environment variable \"%.100s\"", name); ++ return; ++ } ++ + /* + * If we're passed an uninitialized list, allocate a single null + * entry before continuing. diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb index d19cc5a6b2..5e6c03c4a5 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb @@ -27,7 +27,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshd.socket \ file://sshd@.service \ file://sshdgenkeys.service \ - file://volatiles.99_sshd " + file://volatiles.99_sshd \ + file://openssh-CVE-2014-2532.patch" PAM_SRC_URI = "file://sshd" |