Hello community, here is the log from the commit of package openssh checked in at Thu Sep 13 18:53:54 CEST 2007. -------- --- openssh/openssh.changes 2007-08-28 18:28:53.000000000 +0200 +++ /mounts/work_src_done/STABLE/openssh/openssh.changes 2007-09-13 15:50:49.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz + +- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] + +------------------------------------------------------------------- New: ---- openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.SK1940/_old 2007-09-13 18:53:01.000000000 +0200 +++ /var/tmp/diff_new_pack.SK1940/_new 2007-09-13 18:53:01.000000000 +0200 @@ -15,7 +15,7 @@ License: BSD 3-Clause Group: Productivity/Networking/SSH Version: 4.6p1 -Release: 53 +Release: 60 Requires: openssh = %{version} openssh-askpass = %{version} Autoreqprov: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.SK1940/_old 2007-09-13 18:53:01.000000000 +0200 +++ /var/tmp/diff_new_pack.SK1940/_new 2007-09-13 18:53:01.000000000 +0200 @@ -29,7 +29,7 @@ Conflicts: nonfreessh Autoreqprov: on Version: 4.6p1 -Release: 47 +Release: 53 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) URL: http://www.openssh.com/ @@ -64,6 +64,7 @@ Patch43: %{name}-%{version}-default-protocol.diff Patch44: %{name}-%{version}-audit.patch Patch45: %{name}-%{version}-challenge.patch +Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %package askpass Summary: A passphrase dialog for OpenSSH and the X Window System @@ -155,6 +156,7 @@ %patch43 %patch44 -p1 %patch45 +%patch46 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} @@ -298,6 +300,8 @@ %config %_appdefdir/SshAskpass %changelog +* Thu Sep 13 2007 - nadvornik@suse.cz +- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] * Tue Aug 28 2007 - anicka@suse.cz - fix blocksigalrm patch to set old signal mask after writing the log in every case [#304819] ++++++ openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff ++++++ --- clientloop.c +++ clientloop.c @@ -290,19 +290,29 @@ generated = 1; } } - snprintf(cmd, sizeof(cmd), - "%s %s%s list %s 2>" _PATH_DEVNULL, - xauth_path, - generated ? "-f " : "" , - generated ? xauthfile : "", - display); - debug2("x11_get_proto: %s", cmd); - f = popen(cmd, "r"); - if (f && fgets(line, sizeof(line), f) && - sscanf(line, "%*s %511s %511s", proto, data) == 2) - got_data = 1; - if (f) - pclose(f); + + /* + * When in untrusted mode, we read the cookie only if it was + * successfully generated as an untrusted one in the step + * above. + */ + if (trusted || generated) { + snprintf(cmd, sizeof(cmd), + "%s %s%s list %s 2>" _PATH_DEVNULL, + xauth_path, + generated ? "-f " : "" , + generated ? xauthfile : "", + display); + debug2("x11_get_proto: %s", cmd); + f = popen(cmd, "r"); + if (f && fgets(line, sizeof(line), f) && + sscanf(line, "%*s %511s %511s", proto, data) == 2) + got_data = 1; + if (f) + pclose(f); + } else + error("Warning: untrusted X11 forwarding setup failed: " + "xauth key data not generated"); } if (do_unlink) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org