rpms/libssh
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI libssh-0.9.6-16.el8_10

Browse Source
This commit is contained in:
eabdullin 2025-11-24 18:46:48 +00:00
parent 17c3e315d4
commit 34b5ef3286
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
SOURCES/CVE-2025-5372.patch Normal file
View File

@ -0,0 +1,42 @@
From 155df31305bee839041a04247645ad066ada95ee Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 May 2025 14:07:58 +0200
Subject: [PATCH] CVE-2025-5372 libgcrypto: Simplify error checking and
handling of return codes in ssh_kdf()
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/libcrypto.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 3db75df6..88d93862 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -366,6 +366,7 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
int key_type, unsigned char *output,
size_t requested_len)
{
+ int ret = SSH_ERROR;
EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
int rc;
@@ -401,10 +402,12 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
goto out;
}
+ ret = SSH_OK;
+
out:
EVP_KDF_CTX_free(ctx);
- if (rc < 0) {
- return rc;
+ if (ret < 0) {
+ return ret;
}
return 0;
}
--
2.51.0

7
SPECS/libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.9.6 Version: 0.9.6
Release: 15%{?dist} Release: 16%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
@ -21,6 +21,7 @@ Patch6: CVE-2023-48795.patch
Patch7: CVE-2023-6004.patch Patch7: CVE-2023-6004.patch
Patch8: CVE-2023-6918.patch Patch8: CVE-2023-6918.patch
Patch9: CVE-2025-5318.patch Patch9: CVE-2025-5318.patch
Patch10: CVE-2025-5372.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
@ -149,6 +150,10 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Wed Nov 05 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-16
- Fix CVE-2025-5372
Resolves: RHEL-121232
* Tue Sep 30 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-15 * Tue Sep 30 2025 Pavol Žáčik <pzacik@redhat.com> - 0.9.6-15
- Fix CVE-2025-5318 - Fix CVE-2025-5318
Resolves: RHEL-111724 Resolves: RHEL-111724