Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 874876 - <net-misc/openssh-9.1_p1: multiple minor memory safety issues
Summary: <net-misc/openssh-9.1_p1: multiple minor memory safety issues
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa+]
Keywords:
Depends on: 885121
Blocks:
  Show dependency tree
 
Reported: 2022-10-04 11:19 UTC by Agostino Sarubbo
Modified: 2022-12-28 20:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2022-10-04 11:19:21 UTC
From https://www.openwall.com/lists/oss-security/2022/10/04/1 :

Security
========

This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.

 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys

 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333

 * ssh-keysign(8): double-free in error path introduced in openssh-8.9
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-19 20:29:14 UTC
GLSA request filed. We should get CVEs for this.
Comment 2 Larry the Git Cow gentoo-dev 2022-12-28 18:59:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4bba232aa0519e18c1541480c7f0b8dcb717ecb2

commit 4bba232aa0519e18c1541480c7f0b8dcb717ecb2
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-28 18:57:54 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 18:59:24 +0000

    [ GLSA 202212-06 ] OpenSSH: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/733802
    Bug: https://bugs.gentoo.org/815010
    Bug: https://bugs.gentoo.org/874876
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-06.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-12-28 20:44:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f683984806bb85009e0e7ab23623600c8129e2

commit 08f683984806bb85009e0e7ab23623600c8129e2
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-28 20:43:45 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 20:43:58 +0000

    net-misc/openssh: drop 9.0_p1-r6, 9.1_p1
    
    Bug: https://bugs.gentoo.org/874876
    Bug: https://bugs.gentoo.org/733802
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/openssh/Manifest                 |   7 -
 net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 -----------------------------
 net-misc/openssh/openssh-9.1_p1.ebuild    | 514 ------------------------------
 3 files changed, 1020 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2022-12-28 20:49:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eadbba1d383201b13a6392480682a029d5cd6632

commit eadbba1d383201b13a6392480682a029d5cd6632
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-28 20:47:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-28 20:47:37 +0000

    net-misc/openssh: drop 9.0_p1-r6
    
    Bug: https://bugs.gentoo.org/733802
    Bug: https://bugs.gentoo.org/874876
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-misc/openssh/Manifest                 |   4 -
 net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 ------------------------------
 2 files changed, 503 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-28 20:49:39 UTC
Cleanup done, all done.