diff options
author | Archana Polampalli <archana.polampalli@windriver.com> | 2023-07-28 12:28:40 +0000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-07-28 06:42:21 -1000 |
commit | 3c01159ab6a843fc922cf779b022c965d4ecd453 (patch) | |
tree | e8dfddabf754cc6c21aedc42963aff0b7a3c310a /meta/recipes-connectivity/openssh/openssh_8.9p1.bb | |
parent | 9b9f88d8828ee822635ed645cc192829fecec39e (diff) | |
download | openembedded-core-contrib-3c01159ab6a843fc922cf779b022c965d4ecd453.tar.gz |
openssh: fix CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh_8.9p1.bb')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index b403b355a6..da7ab7716c 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -28,6 +28,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \ file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \ file://0001-upstream-include-destination-constraints-for-smartca.patch \ + file://CVE-2023-38408-0001.patch \ + file://CVE-2023-38408-0002.patch \ + file://CVE-2023-38408-0003.patch \ + file://CVE-2023-38408-0004.patch \ " SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" |