[gsi-openssh/el6] Security fix for vulnerability

Mattias Ellert ellert at fedoraproject.org
Sat Apr 6 14:55:53 UTC 2013


commit 77d18f5ba10f46a2941472cacd8cb7e2d44fc178
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Sat Apr 6 16:49:09 2013 +0200

    Security fix for vulnerability
    
        http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv
        https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2013-5168

 gsi-openssh.spec           |    7 ++++++-
 openssh-5.3p1-gsissh.patch |    6 ++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 87c7c7f..c06f22d 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -37,7 +37,7 @@
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
 Version: 5.3p1
-Release: 8%{?dist}
+Release: 9%{?dist}
 Provides: gsissh = %{version}-%{release}
 Obsoletes: gsissh < 5.3p1-3
 URL: http://www.openssh.com/portable.html
@@ -474,6 +474,11 @@ fi
 %attr(0640,root,root) %config(noreplace) /etc/sysconfig/gsisshd
 
 %changelog
+* Sat Apr 06 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.3p1-9
+- Security fix for vulnerability
+    http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv
+    https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2013-5168
+
 * Tue Feb 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.3p1-8
 - Based on openssh-5.3p1-84.1.el6
 
diff --git a/openssh-5.3p1-gsissh.patch b/openssh-5.3p1-gsissh.patch
index ed95f96..75116a0 100644
--- a/openssh-5.3p1-gsissh.patch
+++ b/openssh-5.3p1-gsissh.patch
@@ -374,7 +374,7 @@ diff -Nur openssh-5.3p1.orig/auth-pam.c openssh-5.3p1/auth-pam.c
  typedef pid_t sp_pthread_t;
  #endif
  
-@@ -272,6 +276,49 @@
+@@ -272,6 +276,51 @@
  # define pam_chauthtok(a,b)	(sshpam_chauthtok_ruid((a), (b)))
  #endif
  
@@ -414,8 +414,10 @@ diff -Nur openssh-5.3p1.orig/auth-pam.c openssh-5.3p1/auth-pam.c
 +			fatal("PAM: could not get passwd entry for user "
 +			    "'%.100s' provided by PAM_USER", user);
 +		pwfree(sshpam_authctxt->pw);
-+		sshpam_authctxt->pw = pw;
++		sshpam_authctxt->pw = pwcopy(pw);
 +		sshpam_authctxt->valid = allowed_user(pw);
++		xfree(sshpam_authctxt->user);
++		sshpam_authctxt->user = xstrdup(user);
 +		debug("PAM: user '%.100s' now %svalid", user,
 +		    sshpam_authctxt->valid ? "" : "in");
 +	}
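Review bot: `allowed_user(pw)`, on the line after the new `pwcopy(pw)`, still reads the lookup result rather than the copy the auth context now owns; if `pw` points into libc's static passwd storage (the lookup is outside the hunk, so this is inferred from the `fatal` message), a later lookup inside `allowed_user` could overwrite it during the check. Passing the owned copy avoids that: `sshpam_authctxt->valid = allowed_user(sshpam_authctxt->pw);`. The added `xfree(sshpam_authctxt->user)` followed by `xstrdup(user)` is only safe if `user` never aliases the old string, so duplicating into a temporary before freeing would be the more defensive order. A short comment such as `/* authctxt owns pw and user: store copies, never PAM- or libc-owned pointers */` would record why the copies exist and prevent a regression. The enclosing function begins before this hunk, so the origin of `user` and `pw` should be confirmed there.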

