diff options
author | Siddharth Doshi <sdoshi@mvista.com> | 2023-03-27 14:06:20 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-03-27 15:44:02 +0100 |
commit | e3afe166940686b05626c3298bc4369296b7d8a3 (patch) | |
tree | 843306d30b70329dbe5eed8e09b5a7a1c76f5434 /meta/recipes-connectivity/openssh | |
parent | e9e5a7910e3fd0350e27c20ca22843cbfc96077c (diff) | |
download | poky-e3afe166940686b05626c3298bc4369296b7d8a3.tar.gz |
openssh: upgrade 9.2p1 -> 9.3p1
OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.
Upgrade the recipe to point to 9.3p1.
CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.
(From OE-Core rev: ca4b4165f388a8b8bb80c120a2baef00e7e3bcac)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_9.3p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_9.2p1.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb index 4666237d68..d3dedd1a5a 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb | |||
@@ -25,7 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
25 | file://sshd_check_keys \ | 25 | file://sshd_check_keys \ |
26 | file://add-test-support-for-busybox.patch \ | 26 | file://add-test-support-for-busybox.patch \ |
27 | " | 27 | " |
28 | SRC_URI[sha256sum] = "3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46" | 28 | SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8" |
29 | 29 | ||
30 | # This CVE is specific to OpenSSH with the pam opie which we don't build/use here | 30 | # This CVE is specific to OpenSSH with the pam opie which we don't build/use here |
31 | CVE_CHECK_IGNORE += "CVE-2007-2768" | 31 | CVE_CHECK_IGNORE += "CVE-2007-2768" |