Bug 734624 (CVE-2020-16135) - <net-libs/libssh-0.9.5: Null pointer dereference (CVE-2020-16135)
Status: RESOLVED FIXED
Alias: CVE-2020-16135
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://gitlab.com/libssh/libssh-mirr...
Whiteboard: B3 [glsa+ cve]
Reported: 2020-07-29 22:59 UTC by John Helmert III
Modified: 2020-11-03 00:54 UTC
Description John Helmert III gentoo-dev Security 2020-07-29 22:59:13 UTC
CVE-2020-16135:

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.



Patches are at URL. Looks like it wasn't merged from the merge request but just a series of commits:

https://gitlab.com/libssh/libssh-mirror/-/commit/533d881b0f4b24c72b35ecc97fa35d295d063e53
https://gitlab.com/libssh/libssh-mirror/-/commit/2782cb0495b7450bd8fe43ce4af886b66fea6c40
https://gitlab.com/libssh/libssh-mirror/-/commit/10b3ebbe61a7031a3dae97f05834442220447181
https://gitlab.com/libssh/libssh-mirror/-/commit/245ad744b5ab0582fef7cf3905a717b791d7e08b
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2020-07-30 09:26:07 UTC
Upstream told me that it's safe to wait for the upcoming release (which they planned to release in about a month).
Comment 2 Sam James archtester gentoo-dev Security 2020-08-03 07:45:01 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #1)
> Upstream told me that it's safe to wait for the upcoming release (which they
> planned to release in about a month).

Thanks!
Comment 3 Sam James archtester gentoo-dev Security 2020-09-13 19:21:56 UTC
Thanks. Tell us when it's ready to stable.
Comment 4 Sam James archtester gentoo-dev Security 2020-09-25 20:49:22 UTC
Ready?
Comment 5 Sam James archtester gentoo-dev Security 2020-09-29 11:41:35 UTC
ppc done
Comment 6 Sam James archtester gentoo-dev Security 2020-09-29 18:46:11 UTC
arm64 done
Comment 7 Rolf Eike Beer archtester 2020-09-30 05:32:22 UTC
sparc stable
Comment 8 Sergei Trofimovich gentoo-dev 2020-10-02 10:39:15 UTC
ppc64 stable
Comment 9 Sam James archtester gentoo-dev Security 2020-10-02 21:35:22 UTC
arm done
Comment 10 Sam James archtester gentoo-dev Security 2020-10-02 21:51:52 UTC
x86 done
Comment 11 Sam James archtester gentoo-dev Security 2020-10-03 15:04:01 UTC
amd64 done
Comment 12 Rolf Eike Beer archtester 2020-10-15 18:55:50 UTC
hppa stable. Last arch, closing.
Comment 13 Rolf Eike Beer archtester 2020-10-15 18:56:05 UTC
Sorry, not my day.
Comment 14 Sam James archtester gentoo-dev Security 2020-10-15 18:56:36 UTC
(In reply to Rolf Eike Beer from comment #13)
> Sorry, not my day.

No worries. :)

Please cleanup.
Comment 15 Larry the Git Cow gentoo-dev 2020-10-15 19:07:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db2e4f147fa025f4a824b3c92125ca3d518a1038

commit db2e4f147fa025f4a824b3c92125ca3d518a1038
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-10-15 19:00:53 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-10-15 19:00:53 +0000

    net-libs/libssh: Cleanup vulnerable 0.9.4
    
    Bug: https://bugs.gentoo.org/734624
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 net-libs/libssh/Manifest            |   1 -
 net-libs/libssh/libssh-0.9.4.ebuild | 119 ------------------------------------
 2 files changed, 120 deletions(-)
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2020-11-03 00:54:27 UTC
This issue was resolved and addressed in
 GLSA 202011-05 at https://security.gentoo.org/glsa/202011-05
by GLSA coordinator Sam James (sam_c).