Fix possible buffer overrun from CVE-2025-5318
Resolves: RHEL-111721 Also add BuildRequires for p11-kit-client. This is due to a RHEL 10.2 change in p11-kit packaging (https://gitlab.com/redhat/centos-stream/rpms/p11-kit/-/commit/01aa4fd0) which moves the p11-kit-client.so into a new subpackage.
This commit is contained in:
Pavol Žáčik
parent
3e3cbde1df
commit
95ad6e369a
27
libssh-0.11.1-CVE-2025-5318.patch
Normal file
27
libssh-0.11.1-CVE-2025-5318.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From b47ccd17559f79bfb2d6b94d2bf84856cf06259e Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue, 22 Apr 2025 21:18:44 +0200
|
||||
Subject: [PATCH] CVE-2025-5318: sftpserver: Fix possible buffer overrun
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/sftpserver.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/sftpserver.c b/src/sftpserver.c
|
||||
index 1afd8b2f..2aa28baa 100644
|
||||
--- a/src/sftpserver.c
|
||||
+++ b/src/sftpserver.c
|
||||
@@ -704,7 +704,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle)
|
||||
|
||||
memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
|
||||
|
||||
- if (val > SFTP_HANDLES) {
|
||||
+ if (val >= SFTP_HANDLES) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
--
|
||||
2.50.1
|
||||
|
||||
13
libssh.spec
13
libssh.spec
@ -1,6 +1,6 @@
|
||||
Name: libssh
|
||||
Version: 0.11.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: A library implementing the SSH protocol
|
||||
License: LGPL-2.1-or-later
|
||||
URL: http://www.libssh.org
|
||||
@ -11,8 +11,11 @@ Source2: https://www.libssh.org/files/0x03D5DF8CFDD3E8E7_libssh_libssh_or
|
||||
Source3: libssh_client.config
|
||||
Source4: libssh_server.config
|
||||
# Don't use global openssl.cnf for PKCS#11 URI Tests
|
||||
# https://gitlab.com/libssh/libssh-mirror/-/merge_requests/543
|
||||
# https://gitlab.com/libssh/libssh-mirror/-/commit/46d74176
|
||||
Patch1: libssh-0.11.1-fix-provider-loading.patch
|
||||
# Fix possible buffer overrun in the SFTP server
|
||||
# https://gitlab.com/libssh/libssh-mirror/-/commit/ae8881df
|
||||
Patch2: libssh-0.11.1-CVE-2025-5318.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
@ -35,6 +38,7 @@ BuildRequires: nmap-ncat
|
||||
BuildRequires: pkcs11-provider
|
||||
BuildRequires: p11-kit-devel
|
||||
BuildRequires: p11-kit-server
|
||||
BuildRequires: p11-kit-client
|
||||
BuildRequires: opensc
|
||||
BuildRequires: softhsm
|
||||
BuildRequires: gnutls-utils
|
||||
@ -141,6 +145,11 @@ popd
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
|
||||
|
||||
%changelog
|
||||
* Tue Sep 30 2025 Pavol Žáčik <pzacik@redhat.com> - 0.11.1-3
|
||||
- Fix CVE-2025-5318
|
||||
Resolves: RHEL-111721
|
||||
- Add BuildRequires for p11-kit-client
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.11.1-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
Loading…
Reference in New Issue
Block a user