Bug 29517

Summary:	openssh new security issue CVE-2021-41617
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	andrewsfarm, guillomovitch, herman.viaene, mageia, sysadmin-bugs
Version:	8	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA8-64-OK
Source RPM:	openssh-8.4p1-2.1.mga8.src.rpm	CVE:
Status comment:

Description David Walser 2021-10-02 17:08:04 CEST

Fedora has issued an advisory on October 1:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/

The issue is fixed upstream in 8.8p1:
https://www.openwall.com/lists/oss-security/2021/09/26/1
https://www.openssh.com/txt/release-8.8
https://www.openssh.com/security.html

Mageia 8 is also affected.

David Walser 2021-10-02 17:08:28 CEST

Status comment: (none) => Fixed upstream in 8.8p1
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-10-03 21:29:47 CEST

Assigning to Guillaume for 'openssh'.

Assignee: bugsquad => guillomovitch

Comment 2 David Walser 2021-12-06 19:20:27 CET

openSUSE has issued an advisory for this today (December 6):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BEK24NI33V77MMNQQN72LO2RGAF23X76/

Comment 3 David Walser 2021-12-14 22:58:38 CET

openssh-8.8p1-1.mga9 uploaded for Cauldron by Guillaume on December 5.

Patched package for Mageia 8 just uploaded by Guillaume.

openssh-8.4p1-2.2.mga8
openssh-clients-8.4p1-2.2.mga8
openssh-askpass-gnome-8.4p1-2.2.mga8
openssh-askpass-common-8.4p1-2.2.mga8
openssh-server-8.4p1-2.2.mga8

from openssh-8.4p1-2.2.mga8.src.rpm

Version: Cauldron => 8
Status comment: Fixed upstream in 8.8p1 => (none)
Whiteboard: MGA8TOO => (none)
CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs

PC LX 2021-12-15 01:38:44 CET

CC: (none) => mageia

Comment 4 PC LX 2021-12-16 12:59:27 CET

Installed and tested without issues.

System: Mageia 8, x86_64, Intel CPU.


Tested on several servers, VMs and containers, both as client and server.
Tested using ssh CLI, ansible, virsh, X11 forwarding, port forwarding, etc.
Tested systemd socket activation.
Tested ssh-agent and ask password GUI.
Tested authentication using passwords (enabled just for testing) and keys.
No regressions found.


$ uname -a
Linux marte 5.15.6-desktop-2.mga8 #1 SMP Sat Dec 4 17:31:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep openssh | sort
lxqt-openssh-askpass-0.16.0-2.mga8
openssh-8.4p1-2.2.mga8
openssh-askpass-common-8.4p1-2.2.mga8
openssh-askpass-qt5-2.1.0-9.mga8
openssh-clients-8.4p1-2.2.mga8
openssh-server-8.4p1-2.2.mga8

Whiteboard: (none) => MGA8-64-OK

Comment 5 Herman Viaene 2021-12-16 16:09:37 CET

MGA6-64 Plasma on Lenovo B50 in Dutch
No instalation isssues
Testing locally on this machine:
# systemctl start sshd
# systemctl -l status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-12-16 15:53:45 CET; 13min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 6110 (sshd)
      Tasks: 1 (limit: 9396)
     Memory: 1.0M
        CPU: 166ms
     CGroup: /system.slice/sshd.service
             └─6110 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: error: maximum authentication attempts exceeded for invalid user tester8@ from 192.168.2.5 port 50028 ssh2 [preauth]
dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: Disconnecting invalid user tester8@ 192.168.2.5 port 50028: Too many authentication failures [preauth]
dec 16 16:02:15 mach5.hviaene.thuis sshd[7429]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.5
dec 16 16:05:17 mach5.hviaene.thuis sshd[7775]: Connection closed by 192.168.2.5 port 50030 [preauth]
dec 16 16:05:32 mach5.hviaene.thuis sshd[7858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.5  user=tester8
dec 16 16:05:34 mach5.hviaene.thuis sshd[7854]: error: PAM: Authentication failure for tester8 from 192.168.2.5
dec 16 16:05:38 mach5.hviaene.thuis sshd[7854]: Accepted keyboard-interactive/pam for tester8 from 192.168.2.5 port 50032 ssh2
dec 16 16:05:38 mach5.hviaene.thuis sshd[7854]: pam_unix(sshd:session): session opened for user tester8 by (uid=0)
dec 16 16:06:41 mach5.hviaene.thuis sshd[7949]: Accepted keyboard-interactive/pam for tester8 from 192.168.2.5 port 50034 ssh2
dec 16 16:06:41 mach5.hviaene.thuis sshd[7949]: pam_unix(sshd:session): session opened for user tester8 by (uid=0)

As normal user:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tester8/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/tester8/.ssh/id_rsa
Your public key has been saved in /home/tester8/.ssh/id_rsa.pub
The key fingerprint is:
etc....

Then I coulld connect from root to my normal user.
Seems OK.

CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2021-12-16 17:21:34 CET

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-12-19 12:46:27 CET

Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-12-19 13:27:29 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0561.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED