diff options
author | Kamil Dudka <kdudka@redhat.com> | 2016-02-24 09:08:02 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2016-02-24 09:08:02 +0100 |
commit | 2d448ce0839973362cc5ff0bba0cf74191175e3f (patch) | |
tree | 07a34b41b18e7fc6fe743565571a9db07bbcc3ab | |
parent | Update to 1.7.0 (diff) | |
download | libssh2-freefilesync-2d448ce0839973362cc5ff0bba0cf74191175e3f.tar.gz libssh2-freefilesync-2d448ce0839973362cc5ff0bba0cf74191175e3f.tar.bz2 libssh2-freefilesync-2d448ce0839973362cc5ff0bba0cf74191175e3f.zip |
Resolves: CVE-2016-0787 - diffie_hellman_sha1: Convert bytes to bits
-rw-r--r-- | CVE-2016-0787.patch | 30 | ||||
-rw-r--r-- | libssh2.spec | 9 |
2 files changed, 38 insertions, 1 deletions
diff --git a/CVE-2016-0787.patch b/CVE-2016-0787.patch new file mode 100644 index 0000000..8827c5d --- /dev/null +++ b/CVE-2016-0787.patch @@ -0,0 +1,30 @@ +From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Thu, 11 Feb 2016 13:52:20 +0100 +Subject: [PATCH] diffie_hellman_sha1: convert bytes to bits + +As otherwise we get far too small numbers. + +CVE-2016-0787 + +Signed-off-by: Kamil Dudka <kdudka@redhat.com> +--- + src/kex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kex.c b/src/kex.c +index 6349457..e89b36c 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session, + memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); + + /* Generate x and e */ +- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1); ++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1); + _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p, + exchange_state->ctx); + +-- +2.7.0 + diff --git a/libssh2.spec b/libssh2.spec index 8fba1eb..c071267 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -12,13 +12,14 @@ Name: libssh2 Version: 1.7.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library implementing the SSH2 protocol Group: System Environment/Libraries License: BSD URL: http://www.libssh2.org/ Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Patch0: libssh2-1.4.2-utf8.patch +Patch2: CVE-2016-0787.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: coreutils BuildRequires: findutils @@ -77,6 +78,9 @@ sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} # Make sure things are UTF-8... %patch0 -p1 +# diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787) +%patch2 -p1 + # Make sshd transition appropriately if building in an SELinux environment %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : @@ -154,6 +158,9 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/libssh2.pc %changelog +* Wed Feb 24 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-2 +- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787) + * Tue Feb 23 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-1 - Update to 1.7.0 - diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see |