874876 – <net-misc/openssh-9.1_p1: multiple minor memory safety issues

Bug 874876 - <net-misc/openssh-9.1_p1: multiple minor memory safety issues

Summary: <net-misc/openssh-9.1_p1: multiple minor memory safety issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A4 [glsa+]
Keywords:

Depends on:	885121
Blocks:
	Show dependency tree

Reported:	2022-10-04 11:19 UTC by Agostino Sarubbo
Modified:	2022-12-28 20:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2022-10-04 11:19:21 UTC

From https://www.openwall.com/lists/oss-security/2022/10/04/1 :

Security
========

This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.

 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys

 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333

 * ssh-keysign(8): double-free in error path introduced in openssh-8.9

Comment 1 John Helmert III archtester

2022-12-19 20:29:14 UTC

GLSA request filed. We should get CVEs for this.

Comment 2 Larry the Git Cow gentoo-dev

2022-12-28 18:59:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4bba232aa0519e18c1541480c7f0b8dcb717ecb2

commit 4bba232aa0519e18c1541480c7f0b8dcb717ecb2
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-28 18:57:54 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 18:59:24 +0000

    [ GLSA 202212-06 ] OpenSSH: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/733802
    Bug: https://bugs.gentoo.org/815010
    Bug: https://bugs.gentoo.org/874876
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-06.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2022-12-28 20:44:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f683984806bb85009e0e7ab23623600c8129e2

commit 08f683984806bb85009e0e7ab23623600c8129e2
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-28 20:43:45 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 20:43:58 +0000

    net-misc/openssh: drop 9.0_p1-r6, 9.1_p1
    
    Bug: https://bugs.gentoo.org/874876
    Bug: https://bugs.gentoo.org/733802
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/openssh/Manifest                 |   7 -
 net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 -----------------------------
 net-misc/openssh/openssh-9.1_p1.ebuild    | 514 ------------------------------
 3 files changed, 1020 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2022-12-28 20:49:06 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eadbba1d383201b13a6392480682a029d5cd6632

commit eadbba1d383201b13a6392480682a029d5cd6632
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-28 20:47:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 20:47:37 +0000

    net-misc/openssh: drop 9.0_p1-r6
    
    Bug: https://bugs.gentoo.org/733802
    Bug: https://bugs.gentoo.org/874876
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/openssh/Manifest                 |   4 -
 net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 ------------------------------
 2 files changed, 503 deletions(-)

Comment 5 John Helmert III archtester

2022-12-28 20:49:39 UTC

Cleanup done, all done.