git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Archana Polampalli <archana.polampalli@windriver.com>
	Fri, 28 Jul 2023 12:28:40 +0000 (12:28 +0000)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 28 Jul 2023 16:42:21 +0000 (06:42 -1000)
commit	3c01159ab6a843fc922cf779b022c965d4ecd453
tree	e8dfddabf754cc6c21aedc42963aff0b7a3c310a	tree \| snapshot
parent	9b9f88d8828ee822635ed645cc192829fecec39e	commit \| diff

openssh: fix CVE-2023-38408

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
insufficiently trustworthy search path, leading to remote code
execution if an agent is forwarded to an attacker-controlled system.
(Code in /usr/lib is not necessarily safe for loading into ssh-agent.)
NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-38408

Upstream patches:
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77
https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0001.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0002.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0003.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssh/openssh/CVE-2023-38408-0004.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/openssh/openssh_8.9p1.bb		diff \| blob \| blame \| history