openssh: Fix pre-authentication remote code execution in sshd.

Reported by: Qualys Threat Research Unit (TRU) Approved by: so Security: FreeBSD-SA-24:04.openssh Security: CVE-2024-6387 Change sshd version string from FreeBSD to CheriBSD as what we're publishing doesn't match FreeBSD-20240701. (cherry picked from commit 2abea9d) (cherry picked from commit 1ba73df)
CTSRD-CHERI · Jul 3, 2024 · 5524426 · 5524426
1 parent 70a9eec
commit 5524426
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c
@@ -451,12 +451,14 @@ void
 sshsigdie(const char *file, const char *func, int line, int showfunc,
     LogLevel level, const char *suffix, const char *fmt, ...)
 {
+#if 0
 	va_list args;
 
 	va_start(args, fmt);
 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
 	    suffix, fmt, args);
 	va_end(args);
+#endif
 	_exit(1);
 }
 

diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
@@ -5,4 +5,4 @@
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 
-#define SSH_VERSION_FREEBSD	"FreeBSD-20231004"
+#define SSH_VERSION_FREEBSD	"FreeBSD-20240701"