forked from rpms/openssh
import UBI openssh-8.7p1-30.el9_2
This commit is contained in:
parent
26f40c1ea2
commit
6afdefca5f
17
SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch
Normal file
17
SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
|
||||||
|
index 6be647ec..ebddf6c3 100644
|
||||||
|
--- a/ssh-pkcs11.c
|
||||||
|
+++ b/ssh-pkcs11.c
|
||||||
|
@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
||||||
|
error("dlopen %s failed: %s", provider_module, dlerror());
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
|
||||||
|
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
|
||||||
|
- goto fail;
|
||||||
|
- }
|
||||||
|
+ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
|
||||||
|
+ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
|
||||||
|
|
||||||
|
p->module->handle = handle;
|
||||||
|
/* setup the pkcs11 callbacks */
|
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.7p1
|
%global openssh_ver 8.7p1
|
||||||
%global openssh_rel 29
|
%global openssh_rel 30
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 5
|
%global pam_ssh_agent_rel 5
|
||||||
|
|
||||||
@ -265,6 +265,9 @@ Patch1007: openssh-8.7p1-nohostsha1proof.patch
|
|||||||
# upstream 12da7823336434a403f25c7cc0c2c6aed0737a35
|
# upstream 12da7823336434a403f25c7cc0c2c6aed0737a35
|
||||||
# to fix 1005
|
# to fix 1005
|
||||||
Patch1008: openssh-8.7p1-CVE-2023-25136.patch
|
Patch1008: openssh-8.7p1-CVE-2023-25136.patch
|
||||||
|
# upsream commit
|
||||||
|
# b23fe83f06ee7e721033769cfa03ae840476d280
|
||||||
|
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
@ -472,6 +475,7 @@ popd
|
|||||||
%patch1006 -p1 -b .negotiate-supported-algs
|
%patch1006 -p1 -b .negotiate-supported-algs
|
||||||
|
|
||||||
%patch100 -p1 -b .coverity
|
%patch100 -p1 -b .coverity
|
||||||
|
%patch1015 -p1 -b .cve-2023-38408
|
||||||
|
|
||||||
%patch1007 -p1 -b .sshrsacheck
|
%patch1007 -p1 -b .sshrsacheck
|
||||||
%patch1008 -p1 -b .cve-2023-25136
|
%patch1008 -p1 -b .cve-2023-25136
|
||||||
@ -761,6 +765,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-30
|
||||||
|
- Avoid remote code execution in ssh-agent PKCS#11 support
|
||||||
|
Resolves: CVE-2023-38408
|
||||||
|
|
||||||
* Thu Apr 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-29
|
* Thu Apr 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-29
|
||||||
- Resolve possible self-DoS with some clients
|
- Resolve possible self-DoS with some clients
|
||||||
Resolves: rhbz#2186473
|
Resolves: rhbz#2186473
|
||||||
|
Loading…
Reference in New Issue
Block a user