openssh: fix CVE-2023-51385 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2023-12-28 06:40:39 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-01-04 05:00:13 -1000
commit	df2f696e68812689366447278d12ceb5ccdbbea8 (patch)
tree	1e1b7c567e1a023d2ca22369e5d6168b02c38ce6 /meta/classes/testimage.bbclass
parent	bad31561c0ee9fb6a77edba822addd668ca864f1 (diff)
download	poky-df2f696e68812689366447278d12ceb5ccdbbea8.tar.gz

openssh: fix CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. References: https://nvd.nist.gov/vuln/detail/CVE-2023-51385 Upstream patches: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (From OE-Core rev: 617640bd045f07b0870dc9f3bc838b3a9fbc3de7) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/classes/testimage.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: