Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Deepin Integration]~[V23-Release] SECURITY: Race condition in sshd by UTsweetyfish@deepin-community/openssh by deepin-community-ci-bot[bot] #9500

Closed
deepin-bot bot opened this issue Jul 1, 2024 · 5 comments
Closed

[Deepin Integration]~[V23-Release] SECURITY: Race condition in sshd by UTsweetyfish@deepin-community/openssh by deepin-community-ci-bot[bot] #9500

deepin-bot bot opened this issue Jul 1, 2024 · 5 comments
Assignees
@Zeno-sole
Labels
Project:integrated 集成管理相关 罗鑫思 罗鑫思
Milestone
V23-Release

Comments

@deepin-bot
Copy link

deepin-bot bot commented Jul 1, 2024
edited
Loading

Package information | 软件包信息

包名 版本
openssh 1:9.7p1-4deepin2

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-1674/testing/ ./

Changelog | 更新信息

openssh (1:9.7p1-4deepin2) unstable; urgency=high
@deepin-bot deepin-bot bot added the Project:integrated 集成管理相关 label Jul 1, 2024
@deepin-bot deepin-bot bot added this to the V23-Release milestone Jul 1, 2024
@deepin-bot deepin-bot bot moved this to In progress in v23-集成管理 Jul 1, 2024
@github-actions github-actions bot mentioned this issue Jul 1, 2024
Open
@deepin-bot
Copy link
Author

deepin-bot bot commented Jul 1, 2024
edited by UTsweetyfish
Loading

Integration Test Info

CVE-2024-6387

sshd 条件竞争
在 OpenSSH 9.7 中,sshd 存在一个严重漏洞,可能允许以 root 权限执行任意代码。

已验证在具有 ASLR 的 32 位 Linux/glibc 系统上可以成功利用该漏洞。在实验室条件下,攻击平均需要 6-8 小时的连续连接,直至达到服务器可接受的最大值。据信在 64 位系统上可以利用该漏洞,但目前尚未证明。

发布邮件: https://www.openssh.com/releasenotes.html
提交链接: deepin-community/openssh@34ec1b7

Test suggestion | 测试建议

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

@deepin-bot
Copy link
Author

deepin-bot bot commented Jul 1, 2024

IntegrationProjector Notify the author
@UTsweetyfish: Integrated issue updated

@deepin-bot
Copy link
Author

deepin-bot bot commented Jul 1, 2024

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#1674

@babyfengfjx babyfengfjx assigned luodeepin and unassigned Zeno-sole and hudeng-go Jul 1, 2024
@babyfengfjx babyfengfjx moved this from In progress to 测试中 in v23-集成管理 Jul 1, 2024
@babyfengfjx babyfengfjx added the 罗鑫思 罗鑫思 label Jul 1, 2024
@babyfengfjx
Copy link

@luodeepin 请优先处理该集成。

@luodeepin
Copy link

测试通过

  1. 包版本正常
  2. ssh正常连接

@luodeepin luodeepin moved this from 测试中 to 测试通过 in v23-集成管理 Jul 1, 2024
@luodeepin luodeepin assigned Zeno-sole and unassigned luodeepin Jul 1, 2024
@UTsweetyfish UTsweetyfish mentioned this issue Jul 1, 2024
Open
@UTsweetyfish UTsweetyfish moved this from 测试通过 to 已推送 in v23-集成管理 Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zeno-sole Zeno-sole

Labels
Project:integrated 集成管理相关 罗鑫思 罗鑫思
Projects
v23-集成管理
Archived in project
Milestone
V23-Release
Development

No branches or pull requests
4 participants
@babyfengfjx @Zeno-sole @hudeng-go @luodeepin