mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-11 16:23:26 +00:00
10c832d054
Fixes a critical security bug allowing remote code execution as root:
<https://www.openssh.com/txt/release-9.8>
This may be CVE-2024-6387 (currently embargoed):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387>
Thanks to upstream and Sam James <sam@gentoo.org> for the backport:
<1633ef4547>
20 lines
508 B
Diff
20 lines
508 B
Diff
https://bugs.gentoo.org/935271
|
|
Backport proposed by upstream at https://marc.info/?l=oss-security&m=171982317624594&w=2.
|
|
--- a/log.c
|
|
+++ b/log.c
|
|
@@ -451,12 +451,14 @@ void
|
|
sshsigdie(const char *file, const char *func, int line, int showfunc,
|
|
LogLevel level, const char *suffix, const char *fmt, ...)
|
|
{
|
|
+#ifdef SYSLOG_R_SAFE_IN_SIGHAND
|
|
va_list args;
|
|
|
|
va_start(args, fmt);
|
|
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
|
|
suffix, fmt, args);
|
|
va_end(args);
|
|
+#endif
|
|
_exit(1);
|
|
}
|
|
|