diff options
author | Shubham Kulkarni <skulkarni@mvista.com> | 2023-09-06 13:28:50 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-09-15 03:47:11 -1000 |
commit | 0485ee7a6b889f7161732435bb1136bd86954f44 (patch) | |
tree | e81c430345c3559ae9cf1b99729898bd3e34b3b0 /meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch | |
parent | 90175073f614c8430e1ed694501df4e5474d57aa (diff) | |
download | poky-0485ee7a6b889f7161732435bb1136bd86954f44.tar.gz |
openssh: Securiry fix for CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/dee22129, https://github.com/openssh/openssh-portable/commit/099cdf59,
https://github.com/openssh/openssh-portable/commit/29ef8a04, https://github.com/openssh/openssh-portable/commit/892506b1,
https://github.com/openssh/openssh-portable/commit/0c111eb8, https://github.com/openssh/openssh-portable/commit/52a03e9f,
https://github.com/openssh/openssh-portable/commit/1fe16fd6, https://github.com/openssh/openssh-portable/commit/e0e8bee8,
https://github.com/openssh/openssh-portable/commit/8afaa7d7, https://github.com/openssh/openssh-portable/commit/1a4b9275,
https://github.com/openssh/openssh-portable/commit/4c1e3ce8, https://github.com/openssh/openssh-portable/commit/1f2731f5.
(From OE-Core rev: 9242b8218858d2bebb3235929fea7e7235cd40f3)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch new file mode 100644 index 0000000000..27b2eadfae --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-10.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 343e2a2c0ef754a7a86118016b248f7a73f8d510 Mon Sep 17 00:00:00 2001 | ||
2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
3 | Date: Fri, 29 Jan 2021 06:29:46 +0000 | ||
4 | Subject: [PATCH 10/12] upstream: fix the values of enum sock_type | ||
5 | |||
6 | OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd | ||
7 | |||
8 | Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/1a4b92758690faa12f49079dd3b72567f909466d] | ||
9 | CVE: CVE-2023-38408 | ||
10 | Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com> | ||
11 | --- | ||
12 | ssh-agent.c | 8 ++++---- | ||
13 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
14 | |||
15 | diff --git a/ssh-agent.c b/ssh-agent.c | ||
16 | index c99927c..7f1e14b 100644 | ||
17 | --- a/ssh-agent.c | ||
18 | +++ b/ssh-agent.c | ||
19 | @@ -1,4 +1,4 @@ | ||
20 | -/* $OpenBSD: ssh-agent.c,v 1.274 2021/01/29 06:28:10 djm Exp $ */ | ||
21 | +/* $OpenBSD: ssh-agent.c,v 1.275 2021/01/29 06:29:46 djm Exp $ */ | ||
22 | /* | ||
23 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
24 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
25 | @@ -103,9 +103,9 @@ | ||
26 | #define AGENT_RBUF_LEN (4096) | ||
27 | |||
28 | typedef enum { | ||
29 | - AUTH_UNUSED, | ||
30 | - AUTH_SOCKET, | ||
31 | - AUTH_CONNECTION | ||
32 | + AUTH_UNUSED = 0, | ||
33 | + AUTH_SOCKET = 1, | ||
34 | + AUTH_CONNECTION = 2, | ||
35 | } sock_type; | ||
36 | |||
37 | typedef struct socket_entry { | ||
38 | -- | ||
39 | 2.41.0 | ||