From noreply at github.com Mon Jul 1 09:51:23 2024
From: noreply at github.com (Lucas Holt)
Date: Mon, 01 Jul 2024 06:51:23 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 00adcc: A signal handler in sshd(8) calls a function that ...
Message-ID:

Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 00adcc7a9437e86efa55284037c3f17a98837579
https://github.com/MidnightBSD/src/commit/00adcc7a9437e86efa55284037c3f17a98837579
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M crypto/openssh/log.c
M crypto/openssh/version.h

Log Message:
-----------
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.
Obtained from: OpenSSH/FreeBSD

To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications

From noreply at github.com Mon Jul 1 09:52:39 2024
From: noreply at github.com (Lucas Holt)
Date: Mon, 01 Jul 2024 06:52:39 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 61f9e2: document security issue
Message-ID:

Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 61f9e2e35e0717b5042fe77cdca90adcf75ed9ff
https://github.com/MidnightBSD/src/commit/61f9e2e35e0717b5042fe77cdca90adcf75ed9ff
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M UPDATING

Log Message:
-----------
document security issue

From noreply at github.com Mon Jul 1 09:53:07 2024
From: noreply at github.com (Lucas Holt)
Date: Mon, 01 Jul 2024 06:53:07 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 707e96: A signal handler in sshd(8) calls a function that ...
Message-ID:

Branch: refs/heads/stable/3.2
Home: https://github.com/MidnightBSD/src
Commit: 707e967ba5796534418ee8f056e47b2ffa89bcbf
https://github.com/MidnightBSD/src/commit/707e967ba5796534418ee8f056e47b2ffa89bcbf
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M crypto/openssh/log.c
M crypto/openssh/version.h

Log Message:
-----------
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.
Obtained from: OpenSSH/FreeBSD

Commit: a95176a50cb2b504393eed16c9d75555b62b6741
https://github.com/MidnightBSD/src/commit/a95176a50cb2b504393eed16c9d75555b62b6741
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M UPDATING

Log Message:
-----------
document security issue

Compare: https://github.com/MidnightBSD/src/compare/ebc3981903f0...a95176a50cb2

From noreply at github.com Mon Jul 1 09:56:31 2024
From: noreply at github.com (Lucas Holt)
Date: Mon, 01 Jul 2024 06:56:31 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 49d618: A signal handler in sshd(8) calls a function that ...
Message-ID:

Branch: refs/heads/stable/3.1
Home: https://github.com/MidnightBSD/src
Commit: 49d618a77d51d7d5b705addd02096120ae24b97d
https://github.com/MidnightBSD/src/commit/49d618a77d51d7d5b705addd02096120ae24b97d
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M crypto/openssh/log.c
M crypto/openssh/version.h

Log Message:
-----------
A signal handler in sshd(8) calls a function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges. This issue is a regression of CVE-2006-5051 originally reported by Mark Dowd and accidentally reintroduced in OpenSSH 8.5p1.
Obtained from: OpenSSH/FreeBSD

Commit: 99535b3ece12c141a176538a4aa9b2a039c5f3f1
https://github.com/MidnightBSD/src/commit/99535b3ece12c141a176538a4aa9b2a039c5f3f1
Author: Lucas Holt
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
M UPDATING
M sys/conf/newvers.sh

Log Message:
-----------
bump for openssh cve

Compare: https://github.com/MidnightBSD/src/compare/799f334a36b0...99535b3ece12

From noreply at github.com Mon Jul 1 09:57:24 2024
From: noreply at github.com (Lucas Holt)
Date: Mon, 01 Jul 2024 06:57:24 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src]
Message-ID:

Branch: refs/tags/3.1.6
Home: https://github.com/MidnightBSD/src
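
Added example, not part of the commit mails and not MidnightBSD or OpenSSH code: the class of bug the log message describes, a timeout signal handler calling a function that is not async-signal-safe, next to a handler that only sets a flag and leaves logging to normal context. SIGALRM, the millisecond timer and all function names are assumptions made for the illustration.

```c
/* Added illustration; every name here is hypothetical. */
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <sys/time.h>

static volatile sig_atomic_t grace_expired; /* the only state the handler touches */

/* Unsafe pattern, shown for contrast and never installed: stdio and
 * syslog-style calls may take locks or allocate, so a handler that
 * interrupts the same code in the main flow can corrupt its state. */
void unsafe_grace_handler(int sig)
{
    fprintf(stderr, "timeout before authentication (signal %d)\n", sig);
}

/* Safe pattern: record the event and return. */
static void safe_grace_handler(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Arm a grace timer of ms milliseconds and wait for it.
 * Returns 1 once the deadline has fired, -1 on bad input or setup failure. */
int wait_with_grace(long ms)
{
    struct sigaction sa = { .sa_handler = safe_grace_handler };
    struct itimerval it = { .it_value = { .tv_sec = ms / 1000,
                                          .tv_usec = (ms % 1000) * 1000 } };
    sigset_t block, old, wait_mask;

    if (ms <= 0) /* a zero it_value would disarm the timer */
        return -1;
    sigemptyset(&sa.sa_mask);
    grace_expired = 0;
    if (sigaction(SIGALRM, &sa, NULL) == -1 || setitimer(ITIMER_REAL, &it, NULL) == -1)
        return -1;
    /* Block SIGALRM so the flag test and the sleep cannot race. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old);
    wait_mask = old;
    sigdelset(&wait_mask, SIGALRM);
    while (!grace_expired)
        sigsuspend(&wait_mask); /* atomically unblock SIGALRM and sleep */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return 1; /* back in normal context: logging is safe from here on */
}
```

When the process has to terminate from inside the handler instead, write(2) and _exit(2) are on the POSIX async-signal-safe list; stdio, malloc and syslog are not.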