From 177f6c925137f54323a83aeb975adeb4dda81284 Mon Sep 17 00:00:00 2001
From: liuzy518 <570407222@qq.com>
Date: Tue, 15 Sep 2020 16:39:43 +0800
Subject: [PATCH 1/2] fix CVE-2018-15919
Signed-off-by: liuzy518 <570407222@qq.com>
---
 CVE-2018-15919.patch | 60 ++++++++++++++++++++++++++++++++++++++++++++
 openssh.spec | 15 +++++++++--
 2 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2018-15919.patch
diff --git a/CVE-2018-15919.patch b/CVE-2018-15919.patch
new file mode 100644
index 0000000..4eefc9d
--- /dev/null
+++ b/CVE-2018-15919.patch
@@ -0,0 +1,60 @@
+From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001
+From: zhuqingfu
+Date: Tue, 15 Sep 2020 15:09:52 +0800
+Subject: [PATCH] CVE-2018-15919
+
+---
+ auth.h | 1 +
+ auth2-gss.c | 1 +
+ auth2.c | 4 ++++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/auth.h b/auth.h
+index c3a92df..1127fdf 100644
+--- a/auth.h
++++ b/auth.h
+@@ -58,6 +58,7 @@ struct Authctxt {
+ int attempt;
+ int failures;
+ int server_caused_failure;
++ int server_caused_gssapi_failure;
+ int force_pwchange;
+ char *user; /* username sent by the client */
+ char *service;
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 4708375..6008319 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -156,6 +156,7 @@ userauth_gssapi(struct ssh *ssh)
+ ssh_gssapi_delete_ctx(&ctxt);
+ free(doid);
+ authctxt->server_caused_failure = 1;
++ authctxt->server_caused_gssapi_failure = 1;
+ return (0);
+ }
+
+diff --git a/auth2.c b/auth2.c
+index 956b9cf..2c4fc97 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -345,6 +345,7 @@ if (options.check_user_splash)
+ auth2_authctxt_reset_info(authctxt);
+ authctxt->postponed = 0;
+ authctxt->server_caused_failure = 0;
++ authctxt->server_caused_gssapi_failure = 0;
+
+ /* try to authenticate user */
+ m = authmethod_lookup(authctxt, method);
+@@ -442,6 +443,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
+ if (!partial && !authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
++ if (!partial && authctxt->server_caused_gssapi_failure &&
++ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
++ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
+ #ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
+--
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index 9903bf8..c0c8e74 100644
--- a/openssh.spec
+++ b/openssh.spec
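Review bot: In the nested auth2.c hunk for userauth_finish, the added `if` repeats the existing guard with the flag inverted, so the failure-counting rule is now split across two statements and two flags that, in the visible hunks, are only set together in userauth_gssapi. Any later path that sets `server_caused_gssapi_failure` while `server_caused_failure` stays 0 would increment `failures` twice for one attempt; a single test avoids that: `if (!partial && (!authctxt->server_caused_failure || authctxt->server_caused_gssapi_failure) &&`, with the existing `(authctxt->attempt > 1 || strcmp(method, "none") != 0))` and `authctxt->failures++;` lines kept as they are. The new field in struct Authctxt should carry a comment such as `/* set on userauth_gssapi's server-side failure path; such attempts still count toward max_authtries */`. The visible change only makes these attempts count against `options.max_authtries`; what userauth_gssapi returns to the client is untouched, so whether the observable difference behind the CVE remains cannot be judged from these hunks. All three patched bodies continue outside their hunks.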
@@ -9,7 +9,7 @@ Name: openssh Version: 8.2p1 -Release: 5 +Release: 6 URL: http://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 @@ -88,6 +88,7 @@ Patch56: set-sshd-config.patch Patch57: CVE-2020-12062-1.patch Patch58: CVE-2020-12062-2.patch Patch59: upstream-expose-vasnmprintf.patch +Patch60: CVE-2018-15919.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -249,6 +250,7 @@ popd %patch57 -p1 %patch58 -p1 %patch59 -p1 +%patch60 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -291,7 +293,10 @@ fi --with-privsep-path=%{_var}/empty/sshd --disable-strip \ --without-zlib-version-check --with-ssl-engine --with-ipaddr-display \ --with-pie=no --without-hardening --with-systemd --with-default-pkcs11-provider=yes \ - --with-ldap --with-pam --with-selinux --with-audit=linux --with-sandbox=seccomp_filter \ + --with-ldap --with-pam --with-selinux --with-audit=linux \ +%ifnarch riscv64 + --with-sandbox=seccomp_filter \ +%endif --with-kerberos5${krb5_prefix:+=${krb5_prefix}} --with-libedit make @@ -461,6 +466,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Thu Sep 15 2020 liulong - 8.2P1-6 +- Type:cves +- ID:CVE-2018-15919 +- SUG:NA +- DESC:Fix CVE-2018-15919 + * Thu Jul 2 2020 zhouyihang - 8.2P1-5 - Type:cves - ID:CVE-2020-12062 -- Gitee From e90afa8979895aad76af576ba28f614ae547d3d6 Mon Sep 17 00:00:00 2001 From: liuzy518 <570407222@qq.com> Date: Tue, 15 Sep 2020 16:41:18 +0800 Subject: [PATCH 2/2] fix CVE-2018-15919 Signed-off-by: liuzy518 <570407222@qq.com> --- CVE-2018-15919.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CVE-2018-15919.patch b/CVE-2018-15919.patch index 4eefc9d..8f48b86 100644 --- a/CVE-2018-15919.patch +++ b/CVE-2018-15919.patch @@ -1,5 +1,5 @@ 
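Review bot: The `%ifnarch riscv64` block added around `--with-sandbox=seccomp_filter` in the configure arguments is unrelated to the CVE named in the subject and is not recorded in the new %changelog entry, yet it changes sshd's hardening on that architecture. With the flag dropped, the riscv64 build uses whatever sandbox configure auto-selects, which the spec no longer pins. Consider making the fallback explicit, e.g. `%else` followed by `--with-sandbox=rlimit \` before `%endif`, and adding a spec comment that says why seccomp is unavailable there. The configure invocation starts outside this hunk.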
From 4286e434ab29c077a42d52c97e7a2e92f93fc1c3 Mon Sep 17 00:00:00 2001 -From: zhuqingfu +From: liulong Date: Tue, 15 Sep 2020 15:09:52 +0800 Subject: [PATCH] CVE-2018-15919 -- Gitee