aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
diff options
context:
space:
mode:
authorLi Wang <li.wang@windriver.com>2012-11-27 14:13:21 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2012-11-28 07:38:26 +0000
commitbdce08215396e5ab99ada5fa0f62c3b002a44582 (patch)
tree53e773566cc69c3d3150478eaeacd5d6b2b5227a /meta/recipes-connectivity/openssh
parent8a4f07d5111feaa3114e039431785d6ad37529b2 (diff)
downloadopenembedded-core-contrib-bdce08215396e5ab99ada5fa0f62c3b002a44582.tar.gz
openssh: CVE-2011-4327
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch27
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.0p1.bb3
2 files changed, 29 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
new file mode 100644
index 00000000000..8489edcc82e
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
@@ -0,0 +1,27 @@
+openssh-CVE-2011-4327
+
+A security flaw was found in the way ssh-keysign,
+a ssh helper program for host based authentication,
+attempted to retrieve enough entropy information on configurations that
+lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
+be executed to retrieve the entropy from the system environment).
+A local attacker could use this flaw to obtain unauthorized access to host keys
+via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
+http://www.openssh.com/txt/portable-keysign-rand-helper.adv
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+--- a/ssh-keysign.c
++++ b/ssh-keysign.c
+@@ -170,6 +170,10 @@
+ key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+ key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+ key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
++ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
++ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
++ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
++ fatal("fcntl failed");
+
+ original_real_uid = getuid(); /* XXX readconf.c needs this */
+ if ((pw = getpwuid(original_real_uid)) == NULL)
diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
index 31202d42840..df77040099f 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
-PR = "r3"
+PR = "r4"
DEPENDS = "zlib openssl"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
file://sshd_config \
file://ssh_config \
file://init \
+ file://openssh-CVE-2011-4327.patch \
${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
PAM_SRC_URI = "file://sshd"