[gentoo-announce] [ GLSA 201911-01 ] OpenSSH: Integer overflow - gentoo-announce

From:	Aaron Bauman <bman@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201911-01 ] OpenSSH: Integer overflow
Date:	Thu, 07 Nov 2019 19:12:43
Message-Id:	`20191107190310.GA35641@bubba.lan`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201911-01

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: OpenSSH: Integer overflow

9

     Date: November 07, 2019

10

     Bugs: #697046

11

       ID: 201911-01

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

An integer overflow in OpenSSH might allow an attacker to execute

19

arbitrary code.

20

21

Background

22

==========

23

24

OpenSSH is a complete SSH protocol implementation that includes SFTP

25

client and server support.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  net-misc/openssh           >= 8.0_p1-r2             >= 8.0_p1-r4 

34

35

Description

36

===========

37

38

OpenSSH, when built with "xmss" USE flag enabled, has a

39

pre-authentication integer overflow if a client or server is configured

40

to use a crafted XMSS key.

41

42

NOTE: This USE flag is disabled by default!

43

44

Impact

45

======

46

47

A remote attacker could connect to a vulnerable OpenSSH server using a

48

special crafted XMSS key possibly resulting in execution of arbitrary

49

code with the privileges of the process or a Denial of Service

50

condition.

51

52

Workaround

53

==========

54

55

Disable XMSS key type.

56

57

Resolution

58

==========

59

60

All OpenSSH users should upgrade to the latest version:

61

62

  # emerge --sync

63

  # emerge --ask --oneshot -v ">=net-misc/openssh/openssh-8.0_p1-r4"

64

65

References

66

==========

67

68

[ 1 ] CVE-2019-16905

69

      https://nvd.nist.gov/vuln/detail/CVE-2019-16905

70

71

Availability

72

============

73

74

This GLSA and any updates to it are available for viewing at

75

the Gentoo Security Website:

76

77

 https://security.gentoo.org/glsa/201911-01

78

79

Concerns?

80

=========

81

82

Security is a primary focus of Gentoo Linux and ensuring the

83

confidentiality and security of our users' machines is of utmost

84

importance to us. Any security concerns should be addressed to

85

security@g.o or alternatively, you may file a bug at

86

https://bugs.gentoo.org.

87

88

License

89

=======

90

91

Copyright 2019 Gentoo Foundation, Inc; referenced text

92

belongs to its owner(s).

93

94

The contents of this document are licensed under the

95

Creative Commons - Attribution / Share Alike license.

96

97

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201911-01
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: OpenSSH: Integer overflow
9	Date: November 07, 2019
10	Bugs: #697046
11	ID: 201911-01
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	An integer overflow in OpenSSH might allow an attacker to execute
19	arbitrary code.
20
21	Background
22	==========
23
24	OpenSSH is a complete SSH protocol implementation that includes SFTP
25	client and server support.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 net-misc/openssh >= 8.0_p1-r2 >= 8.0_p1-r4
34
35	Description
36	===========
37
38	OpenSSH, when built with "xmss" USE flag enabled, has a
39	pre-authentication integer overflow if a client or server is configured
40	to use a crafted XMSS key.
41
42	NOTE: This USE flag is disabled by default!
43
44	Impact
45	======
46
47	A remote attacker could connect to a vulnerable OpenSSH server using a
48	special crafted XMSS key possibly resulting in execution of arbitrary
49	code with the privileges of the process or a Denial of Service
50	condition.
51
52	Workaround
53	==========
54
55	Disable XMSS key type.
56
57	Resolution
58	==========
59
60	All OpenSSH users should upgrade to the latest version:
61
62	# emerge --sync
63	# emerge --ask --oneshot -v ">=net-misc/openssh/openssh-8.0_p1-r4"
64
65	References
66	==========
67
68	[ 1 ] CVE-2019-16905
69	https://nvd.nist.gov/vuln/detail/CVE-2019-16905
70
71	Availability
72	============
73
74	This GLSA and any updates to it are available for viewing at
75	the Gentoo Security Website:
76
77	https://security.gentoo.org/glsa/201911-01
78
79	Concerns?
80	=========
81
82	Security is a primary focus of Gentoo Linux and ensuring the
83	confidentiality and security of our users' machines is of utmost
84	importance to us. Any security concerns should be addressed to
85	security@g.o or alternatively, you may file a bug at
86	https://bugs.gentoo.org.
87
88	License
89	=======
90
91	Copyright 2019 Gentoo Foundation, Inc; referenced text
92	belongs to its owner(s).
93
94	The contents of this document are licensed under the
95	Creative Commons - Attribution / Share Alike license.
96
97	https://creativecommons.org/licenses/by-sa/2.5