author | Shubham Kulkarni <skulkarni@mvista.com> | 2023-09-06 13:28:50 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-09-15 03:47:11 -1000 |
commit | 0485ee7a6b889f7161732435bb1136bd86954f44 (patch) | |
tree | e81c430345c3559ae9cf1b99729898bd3e34b3b0 /meta/recipes-devtools | |
parent | 90175073f614c8430e1ed694501df4e5474d57aa (diff) | |
download | poky-0485ee7a6b889f7161732435bb1136bd86954f44.tar.gz |
openssh: Security fix for CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
Upstream patches:
https://github.com/openssh/openssh-portable/commit/dee22129, https://github.com/openssh/openssh-portable/commit/099cdf59,
https://github.com/openssh/openssh-portable/commit/29ef8a04, https://github.com/openssh/openssh-portable/commit/892506b1,
https://github.com/openssh/openssh-portable/commit/0c111eb8, https://github.com/openssh/openssh-portable/commit/52a03e9f,
https://github.com/openssh/openssh-portable/commit/1fe16fd6, https://github.com/openssh/openssh-portable/commit/e0e8bee8,
https://github.com/openssh/openssh-portable/commit/8afaa7d7, https://github.com/openssh/openssh-portable/commit/1a4b9275,
https://github.com/openssh/openssh-portable/commit/4c1e3ce8, https://github.com/openssh/openssh-portable/commit/1f2731f5.
(From OE-Core rev: 9242b8218858d2bebb3235929fea7e7235cd40f3)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools')
0 files changed, 0 insertions, 0 deletions