diff options
| author |   Archana Polampalli <archana.polampalli@windriver.com> | 2023-12-28 06:40:38 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2023-12-28 04:31:06 -1000 |
| commit | 7a745dd1aa13fbf110cc4d86ddbc86617975d6ad (patch) | |
| tree | bccccb4b69000239fed36a46b6181145f0d6b071 /meta/recipes-connectivity/openssh/openssh_8.9p1.bb | |
| parent | 2afd9a6002cba2a23dd62a1805b4be04083c041b (diff) | |
| download | openembedded-core-contrib-7a745dd1aa13fbf110cc4d86ddbc86617975d6ad.tar.gz | |
openssh: fix CVE-2023-51384
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be
incompletely applied. When destination constraints are specified during
addition of PKCS#11-hosted private keys, these constraints are only applied
to the first key, even if a PKCS#11 token returns multiple keys.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-51384
Upstream patches:
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh_8.9p1.bb')
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 7ad9bced1b..3860899540 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb @@ -34,6 +34,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2023-38408-0004.patch \ file://fix-authorized-principals-command.patch \ file://CVE-2023-48795.patch \ + file://CVE-2023-51384.patch \ " SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" |