Bug 22104

Summary: openssh new security issue CVE-2017-15906
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: guillomovitch, herman.viaene, marja11, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK
Source RPM: openssh-7.5p1-3.mga7.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 19987    

Description David Walser 2017-11-30 21:39:17 CET 
Fedora has issued an advisory on November 28:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZIQDU7D6MLXFXZ4R3ZG2FCH6EDR3MBD/

The RedHat bug links to the upstream commit that fixed the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1506630

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-11-30 21:39:27 CET

Blocks: (none) => 19987
Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-11-30 21:50:15 CET 
Assigning to the registered openssh maintainer.

CC: (none) => marja11

Comment 2 David Walser 2017-12-27 23:50:31 CET 
Guillaume updated to OpenSSH 7.6p1 in Cauldron, which fixes this.

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6

Comment 3 David Walser 2017-12-28 02:05:47 CET 
Advisory:
========================

Updated openssh packages fix security vulnerability:

The process_open function in sftp-server.c in OpenSSH before 7.6 does not
properly prevent write operations in readonly mode, which allows attackers to
create zero-length files (CVE-2017-15906).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZIQDU7D6MLXFXZ4R3ZG2FCH6EDR3MBD/
========================

Updated packages in core/updates_testing:
========================
openssh-7.5p1-2.1.mga6
openssh-clients-7.5p1-2.1.mga6
openssh-server-7.5p1-2.1.mga6
openssh-askpass-common-7.5p1-2.1.mga6
openssh-askpass-7.5p1-2.1.mga6
openssh-askpass-gnome-7.5p1-2.1.mga6
openssh-ldap-7.5p1-2.1.mga6

from openssh-7.5p1-2.1.mga6.src.rpm

Assignee: guillomovitch => qa-bugs
Whiteboard: MGA5TOO => (none)
CC: (none) => guillomovitch

Comment 4 Herman Viaene 2017-12-28 17:00:09 CET 
MGA6-32 on Dell Latitude D600
No installation issues
Found no previous examples of testing in bugs or Wiki, so tried my own
# systemctl start sshd
# systemctl -l status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since do 2017-12-28 16:33:18 CET; 19s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 28318 (sshd)
   CGroup: /system.slice/sshd.service
           └─28318 /usr/sbin/sshd -D

dec 28 16:33:18 xxxx systemd[1]: Starting OpenSSH server daemon...
dec 28 16:33:18 xxxx sshd[28318]: Server listening on 0.0.0.0 port 22.
dec 28 16:33:18 xxxx sshd[28318]: Server listening on :: port 22.
dec 28 16:33:18 xxxx systemd[1]: Started OpenSSH server daemon.
and for client
ssh <user>@<mydesktop>
Password: 
[xxxx@yyyy ~]$ cd Documents/
[xxxx@yyyy Documents]$ ls
empty.odb
seems all OK

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 5 Lewis Smith 2017-12-31 15:22:43 CET 
Quick work, Herman. 1 architecture 1 release OK -> validate!

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2017-12-31 16:15:39 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0483.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED