summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorDivya Chellam <divya.chellam@windriver.com>2025-09-11 16:07:05 +0530
committerAnuj Mittal <anuj.mittal@intel.com>2025-09-23 09:59:05 +0800
commit3702195a7ebb1947c8dfc9bba1196d6b42ae6253 (patch)
tree158e0057e0b027267a1a83c2bca12e3d50a229fd /meta-oe
parent71b601e3d721fd8edc0e98b627331e14f8ff7a23 (diff)
downloadmeta-openembedded-3702195a7ebb1947c8dfc9bba1196d6b42ae6253.tar.gz
libssh: fix CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5987 Upstream-patch: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=90b4845e0c98574bbf7bea9e97796695f064bf57 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch37
-rw-r--r--meta-oe/recipes-support/libssh/libssh_0.10.6.bb1
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch
new file mode 100644
index 0000000000..08395e0e7d
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch
@@ -0,0 +1,37 @@
1From 90b4845e0c98574bbf7bea9e97796695f064bf57 Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Tue, 6 May 2025 22:51:41 +0200
4Subject: [PATCH] CVE-2025-5987 libcrypto: Correctly detect failures of chacha
5 initialization
6
7Signed-off-by: Jakub Jelen <jjelen@redhat.com>
8Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
9
10CVE: CVE-2025-5987
11
12Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57]
13
14Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
15---
16 src/libcrypto.c | 4 ++--
17 1 file changed, 2 insertions(+), 2 deletions(-)
18
19diff --git a/src/libcrypto.c b/src/libcrypto.c
20index 76e067d3..69a850de 100644
21--- a/src/libcrypto.c
22+++ b/src/libcrypto.c
23@@ -771,9 +771,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
24 SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
25 goto out;
26 }
27- ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
28+ rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
29 u8key + CHACHA20_KEYLEN, NULL);
30- if (ret != 1) {
31+ if (rv != 1) {
32 SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
33 goto out;
34 }
35--
362.40.0
37
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
index 6932da5175..bf91e69bc8 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
@@ -16,6 +16,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
16 file://CVE-2025-4877.patch \ 16 file://CVE-2025-4877.patch \
17 file://CVE-2025-4878-0001.patch \ 17 file://CVE-2025-4878-0001.patch \
18 file://CVE-2025-4878-0002.patch \ 18 file://CVE-2025-4878-0002.patch \
19 file://CVE-2025-5987.patch \
19 " 20 "
20SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" 21SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
21 22