openssh: Fix pre-authentication remote code execution in sshd.

Reported by: Qualys Threat Research Unit (TRU) Approved by: so Security: FreeBSD-SA-24:04.openssh Security: CVE-2024-6387 (cherry picked from commit 2abea9df01) (cherry picked from commit 25cf430cd5)
2024-11-26 20:12:44 +00:00 · 2024-07-01 16:20:01 +08:00 · 2024-07-01 16:20:01 +08:00 · 1980b3dfa1
commit 1980b3dfa1
parent 6f545abb9a
2 changed files with 3 additions and 1 deletions
--- a/crypto/openssh/log.c
+++ b/crypto/openssh/log.c
@ -451,12 +451,14 @@ void
 sshsigdie(const char *file, const char *func, int line, int showfunc,
    LogLevel level, const char *suffix, const char *fmt, ...)
 {
+#if 0
 	va_list args;

 	va_start(args, fmt);
 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
 	    suffix, fmt, args);
 	va_end(args);
+#endif
 	_exit(1);
 }

--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@ -6,4 +6,4 @@
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE

-#define SSH_VERSION_FREEBSD	"FreeBSD-20230719"
+#define SSH_VERSION_FREEBSD	"FreeBSD-20240701"