CVE-2024-6387: OpenSSH 9.8: regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems #1754

Open
travier opened this issue Jul 1, 2024 · 5 comments · Fixed by coreos/fedora-coreos-config#3047
Labels
jira for syncing to jira kind/bug priority/high status/pending-testing-release Fixed upstream. Waiting on a testing release.

Comments

@travier
Member

travier commented Jul 1, 2024

See:

We discovered a vulnerability (a signal handler race condition) in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe (for example, syslog()). This race condition affects sshd in its default configuration.

They only have working exploits for i686 right now.

The configuration workarounds are not ideal unfortunately: https://lwn.net/ml/all/4f270df5-2b24-979d-c03f-6d8f3b9d007d@mindrot.org/

@travier travier added the status/pending-upstream-release Fixed upstream. Waiting on an upstream component source code release. label Jul 1, 2024
@travier
Member Author

travier commented Jul 1, 2024

Technically it's pending a package update in Fedora.

@cverna cverna added the jira for syncing to jira label Jul 2, 2024
@cverna
Member

cverna commented Jul 2, 2024

Update with the backported fix for F40 https://bodhi.fedoraproject.org/updates/FEDORA-2024-dc89a2e1bf

@travier travier added status/pending-testing-release Fixed upstream. Waiting on a testing release. and removed status/pending-upstream-release Fixed upstream. Waiting on an upstream component source code release. labels Jul 2, 2024
@travier
Member Author

travier commented Jul 2, 2024

I did https://github.com/coreos/fedora-coreos-config/actions/runs/9757857281 to fast-track it and it gets me:

Exception: Package openssh-9.6p1-1.fc40.4 doesn't match expected dist tag .fc40

@travier
Member Author

travier commented Jul 2, 2024

Did a manual fasttrack: coreos/fedora-coreos-config#3047

@travier
Member Author

travier commented Jul 2, 2024

Alternative mitigation in https://social.treehouse.systems/@marcan/112715795823895634:

echo 'OPTIONS=-e' | sudo tee -a /etc/sysconfig/sshd && sudo systemctl restart sshd
