diff --git a/SOURCES/CVE-2025-5372.patch b/SOURCES/CVE-2025-5372.patch new file mode 100644 index 0000000..c60d1ce --- /dev/null +++ b/SOURCES/CVE-2025-5372.patch @@ -0,0 +1,42 @@ +From 155df31305bee839041a04247645ad066ada95ee Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Wed, 14 May 2025 14:07:58 +0200 +Subject: [PATCH] CVE-2025-5372 libgcrypto: Simplify error checking and + handling of return codes in ssh_kdf() + +Signed-off-by: Jakub Jelen +Reviewed-by: Andreas Schneider +--- + src/libcrypto.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/libcrypto.c b/src/libcrypto.c +index 3db75df6..88d93862 100644 +--- a/src/libcrypto.c ++++ b/src/libcrypto.c +@@ -366,6 +366,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto, + int key_type, unsigned char *output, + size_t requested_len) + { ++ int ret = SSH_ERROR; + EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF); + int rc; + +@@ -401,10 +402,12 @@ int ssh_kdf(struct ssh_crypto_struct *crypto, + goto out; + } + ++ ret = SSH_OK; ++ + out: + EVP_KDF_CTX_free(ctx); +- if (rc < 0) { +- return rc; ++ if (ret < 0) { ++ return ret; + } + return 0; + } +-- +2.51.0 + diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec index f7bfa0d..0e593ce 100644 --- a/SPECS/libssh.spec +++ b/SPECS/libssh.spec @@ -1,6 +1,6 @@ Name: libssh Version: 0.9.6 -Release: 15%{?dist} +Release: 16%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -21,6 +21,7 @@ Patch6: CVE-2023-48795.patch Patch7: CVE-2023-6004.patch Patch8: CVE-2023-6918.patch Patch9: CVE-2025-5318.patch +Patch10: CVE-2025-5372.patch BuildRequires: cmake BuildRequires: doxygen @@ -149,6 +150,10 @@ popd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %changelog +* Wed Nov 05 2025 Pavol Žáčik - 0.9.6-16 +- Fix CVE-2025-5372 + Resolves: RHEL-121232 + * Tue Sep 30 2025 Pavol Žáčik - 0.9.6-15 - Fix CVE-2025-5318 Resolves: RHEL-111724