Revision: 7457
http://sourceforge.net/p/astlinux/code/7457
Author: abelbeck
Date: 2016-01-15 00:44:27 +0000 (Fri, 15 Jan 2016)
Log Message:
-----------
openssh, 'UseRoaming' security fix: CVE-2016-0777, CVE-2016-0778
Added Paths:
-----------
branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch
Added: branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch
===================================================================
--- branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch (rev 0)
+++ branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch 2016-01-15 00:44:27 UTC (rev 7457)
@@ -0,0 +1,43 @@
+Experimental roaming code in the ssh client could be tricked by a
+hostile sshd server, potentially leaking key material.
+CVE-2016-0777 and CVE-2016-0778.
+Prevent this problem immediately by adding the line "UseRoaming no" to
+/etc/ssh/ssh_config.
+
+Index: usr.bin/ssh/readconf.c
+===================================================================
+--- openssh-6.6p1/readconf.c 30 Jul 2015 00:01:34 -0000
++++ openssh-6.6p1/readconf.c 13 Jan 2016 23:17:23 -0000
+@@ -1556,7 +1556,7 @@ initialize_options(Options * options)
+ options->tun_remote = -1;
+ options->local_command = NULL;
+ options->permit_local_command = -1;
+- options->use_roaming = -1;
++ options->use_roaming = 0;
+ options->visual_host_key = -1;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
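Review bot: in initialize_options(), `options->use_roaming = 0;` departs from the convention the neighbouring fields follow, where -1 marks a value as not yet set (tun_remote, permit_local_command and visual_host_key all start at -1). Because the fill_default_options() hunk forces the field to 0 anyway, the initial value does not change the final result; either keep -1 here for consistency or add a short comment saying roaming is deliberately hard-disabled for CVE-2016-0777 and CVE-2016-0778.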
+@@ -1723,8 +1723,7 @@ fill_default_options(Options * options)
+ options->tun_remote = SSH_TUNID_ANY;
+ if (options->permit_local_command == -1)
+ options->permit_local_command = 0;
+- if (options->use_roaming == -1)
+- options->use_roaming = 1;
++ options->use_roaming = 0;
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
+ if (options->ip_qos_interactive == -1)
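Review bot: in fill_default_options(), the unconditional `options->use_roaming = 0;` overwrites whatever value the field held at that point, unlike the guarded `== -1` defaults around it, so any UseRoaming setting is silently discarded. That is the intended outcome for this fix, but it needs a one-line comment at the assignment so a later reader does not "restore" the guard, and the patch header's advice to add "UseRoaming no" to /etc/ssh/ssh_config should be worded as the workaround for unpatched builds, since it is redundant once this hunk is applied.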
+Index: usr.bin/ssh/ssh.c
+===================================================================
+--- openssh-6.6p1/ssh.c 30 Jul 2015 00:01:34 -0000
++++ openssh-6.6p1/ssh.c 13 Jan 2016 23:17:23 -0000
+@@ -1729,9 +1729,6 @@ ssh_session2(void)
+ fork_postauth();
+ }
+
+- if (options.use_roaming)
+- request_roaming();
+-
+ return client_loop(tty_flag, tty_flag ?
+ options.escape_char : SSH_ESCAPECHAR_NONE, id);
+ }
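Review bot: in ssh_session2(), dropping the `if (options.use_roaming) request_roaming();` call removes the only reader of use_roaming visible in this patch, so the two readconf.c assignments now set a field that nothing shown here consults. The patch header should say which change actually closes the issue (no longer calling request_roaming()), and it is worth checking whether request_roaming() and the rest of the roaming code are still compiled in as unused code after this change.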