Upstream has issued an advisory on November 7:
http://www.openssh.com/txt/gcmrekey.adv

The following command suggests to me that the AES-GCM is enabled in our openssl, which would make this advisory affect us:

$ openssl list-cipher-algorithms | grep GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM

Oden has applied the upstream patch in openssh-6.2p2-3.mga4:
http://svnweb.mageia.org/packages?view=revision&revision=549918

It appears that we should issue an update for Mageia 2 and Mageia 3 as well.

Patched packages uploaded for Mageia 2 and Mageia 3.

Advisory:
========================

Updated openssh packages fix security vulnerability:

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

References:
http://www.openssh.com/txt/gcmrekey.adv
========================

Updated packages in core/updates_testing:
========================
openssh-5.9p1-5.2.mga2
openssh-clients-5.9p1-5.2.mga2
openssh-server-5.9p1-5.2.mga2
openssh-askpass-common-5.9p1-5.2.mga2
openssh-askpass-5.9p1-5.2.mga2
openssh-askpass-gnome-5.9p1-5.2.mga2
openssh-6.1p1-4.1.mga3
openssh-clients-6.1p1-4.1.mga3
openssh-server-6.1p1-4.1.mga3
openssh-askpass-common-6.1p1-4.1.mga3
openssh-askpass-6.1p1-4.1.mga3
openssh-askpass-gnome-6.1p1-4.1.mga3
openssh-ldap-6.1p1-4.1.mga3

from SRPMS:
openssh-5.9p1-5.2.mga2.src.rpm
openssh-6.1p1-4.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA2TOO
CVE-2013-4548 has been allocated for this issue:
http://openwall.com/lists/oss-security/2013/11/08/3

Hopefully there isn't another CVE for it as well, given the message.

Updating the advisory.

Advisory:
========================

Updated openssh packages fix security vulnerability:

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations (CVE-2013-4548).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
http://www.openssh.com/txt/gcmrekey.adv
========================

Updated packages in core/updates_testing:
========================
openssh-5.9p1-5.2.mga2
openssh-clients-5.9p1-5.2.mga2
openssh-server-5.9p1-5.2.mga2
openssh-askpass-common-5.9p1-5.2.mga2
openssh-askpass-5.9p1-5.2.mga2
openssh-askpass-gnome-5.9p1-5.2.mga2
openssh-6.1p1-4.1.mga3
openssh-clients-6.1p1-4.1.mga3
openssh-server-6.1p1-4.1.mga3
openssh-askpass-common-6.1p1-4.1.mga3
openssh-askpass-6.1p1-4.1.mga3
openssh-askpass-gnome-6.1p1-4.1.mga3
openssh-ldap-6.1p1-4.1.mga3

from SRPMS:
openssh-5.9p1-5.2.mga2.src.rpm
openssh-6.1p1-4.1.mga3.src.rpm

Summary: openssh possible memory corruption vulnerability => openssh possible memory corruption vulnerability (CVE-2013-4548)
======================================================
Name: CVE-2013-4548
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130612
Category:
Reference: MLIST:[oss-security] 20131107 Re: CVE Request - OpenSSH
Reference: URL:http://openwall.com/lists/oss-security/2013/11/08/3
Reference: CONFIRM:http://www.openssh.com/txt/gcmrekey.adv

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

CC: (none) => oe
Ubuntu has issued an advisory for this today (November 8):
http://www.ubuntu.com/usn/usn-2014-1/

They classified this as a high severity issue.

However, they also say this:
mdeslaur> only affects openssh 6.2+ as that is when AES-GCM support was
mdeslaur> introduced

Which would mean we don't have to issue an update. Closing as INVALID.

Note that this was a real issue in Cauldron, and is FIXED there.

CC'ing sysadmins as the openssh updates in updates_testing should be removed.

Status: NEW => RESOLVED
URL: (none) => http://lwn.net/Vulnerabilities/573333/
CC: (none) => sysadmin-bugs
Resolution: (none) => INVALID
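
The triage this thread converged on, as an added example that is not part of the original bug report or any project's code: the affected range (OpenSSH 6.2 and 6.3) comes from the CVE text quoted above, the package names are the ones listed in the thread, and the function names and the sample cipher list are constructed for illustration.

```shell
#!/bin/sh
# Added triage example; not from the bug thread. Range "6.2 and 6.3" is from the
# CVE-2013-4548 text quoted above. Sample cipher list below is constructed.

# Print MAJOR.MINOR from a package name such as openssh-6.1p1-4.1.mga3.
upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^openssh-\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed if the upstream version is one the CVE text names.
in_cve_range() {
    case "$1" in
        6.2|6.3) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if a comma-separated Ciphers list contains an AES-GCM cipher.
offers_gcm() {
    case ",$1," in
        *,aes128-gcm@openssh.com,*|*,aes256-gcm@openssh.com,*) return 0 ;;
        *) return 1 ;;
    esac
}

# triage PACKAGE CIPHERS: print one verdict word.
# "in-range" means upstream range only: a distribution build may already carry the fix.
triage() {
    ver=$(upstream_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif ! in_cve_range "$ver"; then
        echo "out-of-range"
    elif offers_gcm "$2"; then
        echo "in-range-gcm-offered"
    else
        echo "in-range-gcm-not-offered"
    fi
}

SAMPLE_CIPHERS="aes128-ctr,aes256-ctr,aes128-gcm@openssh.com"   # constructed
for pkg in openssh-5.9p1-5.2.mga2 openssh-6.1p1-4.1.mga3 openssh-6.2p2-3.mga4; do
    printf '%s: %s\n' "$pkg" "$(triage "$pkg" "$SAMPLE_CIPHERS")"
done
```

An in-range verdict only reflects the upstream version string; openssh-6.2p2-3.mga4 is the build the thread says already has the upstream patch applied, so the package changelog still has to be checked.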