Bug#702173: pu: package openssh/1:5.5p1-6+squeeze3

Sun, 03 Mar 2013 06:39:23 -0800 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu

Moritz Muehlenhoff asked me to take care of a minor security issue (a
potential post-authentication DoS in some configurations;
https://security-tracker.debian.org/tracker/CVE-2011-5000).  I don't
think this is a big deal for a DSA, but it'd be good to fix it in
stable.

I can upload the following patch once I have the OK to do so.

diff -Nru openssh-5.5p1/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1/debian/changelog      2013-02-08 21:39:18.000000000 +0000
+++ openssh-5.5p1/debian/changelog      2013-03-03 14:14:05.000000000 +0000
@@ -1,3 +1,10 @@
+openssh (1:5.5p1-6+squeeze4) stable; urgency=low
+
+  * CVE-2011-5000: Fix potential int overflow when using gssapi-with-mac
+    authentation.
+
+ -- Colin Watson <cjwat...@debian.org>  Sun, 03 Mar 2013 14:14:03 +0000
+
 openssh (1:5.5p1-6+squeeze3) stable; urgency=low
 
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
diff -Nru openssh-5.5p1/debian/patches/gss-serv-int-overflow.patch 
openssh-5.5p1/debian/patches/gss-serv-int-overflow.patch
--- openssh-5.5p1/debian/patches/gss-serv-int-overflow.patch    1970-01-01 
01:00:00.000000000 +0100
+++ openssh-5.5p1/debian/patches/gss-serv-int-overflow.patch    2013-03-03 
13:55:52.000000000 +0000
@@ -0,0 +1,19 @@
+Description: Fix potential int overflow when using gssapi-with-mac auth
+Author: Markus Friedl
+Origin: 
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/gss-serv.c?r1=1.23#rev1.23
+Forwarded: not-needed
+Last-Update: 2013-02-03
+
+Index: b/gss-serv.c
+===================================================================
+--- a/gss-serv.c
++++ b/gss-serv.c
+@@ -266,6 +266,8 @@
+       name->length = get_u32(tok+offset);
+       offset += 4;
+ 
++      if (UINT_MAX - offset < name->length)
++              return GSS_S_FAILURE;
+       if (ename->length < offset+name->length)
+               return GSS_S_FAILURE;
+ 
diff -Nru openssh-5.5p1/debian/patches/series 
openssh-5.5p1/debian/patches/series
--- openssh-5.5p1/debian/patches/series 2013-02-08 21:36:03.000000000 +0000
+++ openssh-5.5p1/debian/patches/series 2013-03-03 13:56:16.000000000 +0000
@@ -30,6 +30,7 @@
 # Security fixes
 forced-command-debug-security.patch
 max-startups-default.patch
+gss-serv-int-overflow.patch
 
 # Versioning
 package-versioning.patch

Thanks,

-- 
Colin Watson                                       [cjwat...@debian.org]


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130303143805.ga8...@riva.dynamic.greenend.org.uk

Reply via email to