Bug 22104 - openssh new security issue CVE-2017-15906
Summary: openssh new security issue CVE-2017-15906
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 19987
  Show dependency treegraph
 
Reported: 2017-11-30 21:39 CET by David Walser
Modified: 2017-12-31 16:15 CET (History)
4 users (show)

See Also:
Source RPM: openssh-7.5p1-3.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-11-30 21:39:17 CET 
Fedora has issued an advisory on November 28:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZIQDU7D6MLXFXZ4R3ZG2FCH6EDR3MBD/

The RedHat bug links to the upstream commit that fixed the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1506630

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-11-30 21:39:27 CET

Blocks: (none) => 19987
Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-11-30 21:50:15 CET 
Assigning to the registered openssh maintainer.

CC: (none) => marja11

Comment 2 David Walser 2017-12-27 23:50:31 CET 
Guillaume updated to OpenSSH 7.6p1 in Cauldron, which fixes this.

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6

Comment 3 David Walser 2017-12-28 02:05:47 CET 
Advisory:
========================

Updated openssh packages fix security vulnerability:

The process_open function in sftp-server.c in OpenSSH before 7.6 does not
properly prevent write operations in readonly mode, which allows attackers to
create zero-length files (CVE-2017-15906).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15906
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZIQDU7D6MLXFXZ4R3ZG2FCH6EDR3MBD/
========================

Updated packages in core/updates_testing:
========================
openssh-7.5p1-2.1.mga6
openssh-clients-7.5p1-2.1.mga6
openssh-server-7.5p1-2.1.mga6
openssh-askpass-common-7.5p1-2.1.mga6
openssh-askpass-7.5p1-2.1.mga6
openssh-askpass-gnome-7.5p1-2.1.mga6
openssh-ldap-7.5p1-2.1.mga6

from openssh-7.5p1-2.1.mga6.src.rpm

Assignee: guillomovitch => qa-bugs
Whiteboard: MGA5TOO => (none)
CC: (none) => guillomovitch

Comment 4 Herman Viaene 2017-12-28 17:00:09 CET 
MGA6-32 on Dell Latitude D600
No installation issues
Found no previous examples of testing in bugs or Wiki, so tried my own
# systemctl start sshd
# systemctl -l status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since do 2017-12-28 16:33:18 CET; 19s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 28318 (sshd)
   CGroup: /system.slice/sshd.service
           └─28318 /usr/sbin/sshd -D

dec 28 16:33:18 xxxx systemd[1]: Starting OpenSSH server daemon...
dec 28 16:33:18 xxxx sshd[28318]: Server listening on 0.0.0.0 port 22.
dec 28 16:33:18 xxxx sshd[28318]: Server listening on :: port 22.
dec 28 16:33:18 xxxx systemd[1]: Started OpenSSH server daemon.
and for client
ssh <user>@<mydesktop>
Password: 
[xxxx@yyyy ~]$ cd Documents/
[xxxx@yyyy Documents]$ ls
empty.odb
seems all OK

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 5 Lewis Smith 2017-12-31 15:22:43 CET 
Quick work, Herman. 1 architecture 1 release OK -> validate!

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2017-12-31 16:15:39 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0483.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.