• [SECURITY] [DSA 5724-1] openssh security update

    From Salvatore Bonaccorso@21:1/5 to All on Mon Jul 1 10:40:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5724-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    July 01, 2024                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openssh
    CVE ID : CVE-2024-6387

    The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler
    race condition. If a client does not authenticate within LoginGraceTime
    seconds (120 by default), then sshd's SIGALRM handler is called
    asynchronously and calls various functions that are not
    async-signal-safe. A remote unauthenticated attacker can take advantage
    of this flaw to execute arbitrary code with root privileges. This flaw
    affects sshd in its default configuration.

    Details can be found in the Qualys advisory at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

    For the stable distribution (bookworm), this problem has been fixed in
    version 1:9.2p1-2+deb12u3.

    We recommend that you upgrade your openssh packages.

    For the detailed security status of openssh please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/openssh

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
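
The handler pattern the advisory describes (a SIGALRM handler calling functions that are not async-signal-safe), next to a form that only sets a flag, as an added C example. It is not sshd's code or the Debian fix; the function names and the log message are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdlib.h>
#include <syslog.h>
#include <unistd.h>

static volatile sig_atomic_t grace_expired; /* a type a handler may safely write */

/* UNSAFE pattern, shown for contrast and never installed below: syslog()
 * and exit() are not on POSIX's async-signal-safe list, so running them
 * from a handler can re-enter library state the main flow left half-updated. */
void unsafe_alarm_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "timeout before authentication"); /* constructed text */
    exit(1);
}

/* SAFE pattern: record the event and return; real work happens later. */
static void safe_alarm_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Arms a grace timer (seconds > 0) and waits as a pre-authentication loop
 * would. Returns 1 once the deadline has fired, -1 on a setup error. */
int wait_for_grace_timeout(unsigned int seconds)
{
    struct sigaction sa = {0};
    sigset_t block, old, waitmask;
    sa.sa_handler = safe_alarm_handler;
    sigemptyset(&sa.sa_mask);
    if (seconds == 0 || sigaction(SIGALRM, &sa, NULL) < 0) return -1;
    /* Block SIGALRM so it is delivered only inside sigsuspend() (no lost wakeup). */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    if (sigprocmask(SIG_BLOCK, &block, &old) < 0) return -1;
    waitmask = old;
    sigdelset(&waitmask, SIGALRM);
    grace_expired = 0;
    alarm(seconds);
    while (!grace_expired)
        sigsuspend(&waitmask);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return 1; /* normal context again: logging and cleanup are safe here */
}

int main(void) { return wait_for_grace_timeout(1) == 1 ? 0 : 1; }
```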