From 3472e39b236971b875d7a9f7c5fee36b130baef7 Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Wed, 15 Dec 2021 16:39:03 +0800
Subject: [PATCH] backport CVE-2021-28041
---
 backport-CVE-2021-28041.patch | 16 ++++++++++++++++
 openssh.spec | 10 +++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2021-28041.patch
diff --git a/backport-CVE-2021-28041.patch b/backport-CVE-2021-28041.patch
new file mode 100644
index 0000000..7ba8c70
--- /dev/null
+++ b/backport-CVE-2021-28041.patch
@@ -0,0 +1,16 @@
+Reference:https://src.fedoraproject.org/rpms/openssh/blob/f33/f/openssh-8.4p1-cve-2021-28041.patch
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 6e536e5..3bac42d 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -496,6 +496,7 @@ process_add_identity(SocketEntry *e)
+ goto err;
+ }
+ free(ext_name);
++ ext_name = NULL;
+ break;
+ default:
+ error("%s: Unknown constraint %d", __func__, ctype);
+--
+1.8.3.1
+
diff --git a/openssh.spec b/openssh.spec
index bba3942..0db9a11 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 %global sshd_uid 74
-%global openssh_release 14
+%global openssh_release 15
 Name: openssh
 Version: 8.2p1
@@ -94,6 +94,7 @@ Patch61: add-strict-scp-check-for-CVE-2020-15778.patch
 Patch62: backport-move-closefrom-to-before-first-malloc.patch
 Patch63: backport-CVE-2021-41617-1.patch
 Patch64: backport-CVE-2021-41617-2.patch
+Patch65: backport-CVE-2021-28041.patch
 Requires: /sbin/nologin
 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -260,6 +261,7 @@ popd
 %patch62 -p1
 %patch63 -p1
 %patch64 -p1
+%patch65 -p1
 autoreconf
 pushd pam_ssh_agent_auth-0.10.3
@@ -471,6 +473,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
+* Wed Dec 15 2021 renmingshuai - 8.2P1-15
+- Type:cves
+- CVE:CVE-2021-28041
+- SUG:NA
+- DESC:fix CVE-2021-28041
+
 * Sat Oct 09 2021 renmingshuai - 8.2P1-14
 - Type:bugfix
 - CVE:CVE-2021-41617
-- Gitee
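Review bot: The `ext_name = NULL;` line added in the ssh-agent.c hunk of backport-CVE-2021-28041.patch carries no comment, and the patch header holds only a Reference URL, so nothing on the page records why the pointer has to be cleared. I would add a description line to the patch header such as `Clear ext_name after free() so a later free(ext_name) on the error path cannot free it twice (CVE-2021-28041)`; the cleanup that presumably frees ext_name again sits at the `err` label outside this hunk, since process_add_identity starts and ends beyond the lines shown. The referenced file is Fedora's openssh-8.4p1 patch while this spec builds Version 8.2p1, so it is worth confirming in the build log that `%patch65 -p1` lands on the intended `free(ext_name);` / `break;` site without fuzz or a large offset.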