From 418d6a85bef78bdecf1529764f20e9a134c0313f Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Fri, 10 Apr 2026 13:09:18 +0200
Subject: [PATCH] Fix CVE-2026-35387 Fix incomplete application of PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms with regard to ECDSA keys
Resolves: RHEL-166223
Signed-off-by: Zoltan Fridrich
---
...h-9.9p1-ecdsa-incomplete-application.patch | 103 ++++++++++++++++++
openssh.spec | 6 +
2 files changed, 109 insertions(+)
create mode 100644 openssh-9.9p1-ecdsa-incomplete-application.patch
diff --git a/openssh-9.9p1-ecdsa-incomplete-application.patch b/openssh-9.9p1-ecdsa-incomplete-application.patch
new file mode 100644
index 0000000..3b93ca4
--- /dev/null
+++ b/openssh-9.9p1-ecdsa-incomplete-application.patch
@@ -0,0 +1,103 @@
+diff --color -ruNp a/auth2-hostbased.c b/auth2-hostbased.c
+--- a/auth2-hostbased.c 2026-04-09 13:22:28.114045749 +0200
++++ b/auth2-hostbased.c 2026-04-09 14:34:44.876393822 +0200
+@@ -96,9 +96,10 @@ userauth_hostbased(struct ssh *ssh, cons
+ error_f("cannot decode key: %s", pkalg);
+ goto done;
+ }
+- if (key->type != pktype) {
+- error_f("type mismatch for decoded key "
+- "(received %d, expected %d)", key->type, pktype);
++ if (key->type != pktype || (sshkey_type_plain(pktype) == KEY_ECDSA &&
++ sshkey_ecdsa_nid_from_name(pkalg) != key->ecdsa_nid)) {
++ error_f("key type mismatch for decoded key "
++ "(received %s, expected %s)", sshkey_ssh_name(key), pkalg);
+ goto done;
+ }
+ if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
+diff --color -ruNp a/auth2-pubkey.c b/auth2-pubkey.c
+--- a/auth2-pubkey.c 2026-04-09 13:22:28.157194118 +0200
++++ b/auth2-pubkey.c 2026-04-09 14:35:48.997689347 +0200
+@@ -152,9 +152,10 @@ userauth_pubkey(struct ssh *ssh, const c
+ error_f("cannot decode key: %s", pkalg);
+ goto done;
+ }
+- if (key->type != pktype) {
+- error_f("type mismatch for decoded key "
+- "(received %d, expected %d)", key->type, pktype);
++ if (key->type != pktype || (sshkey_type_plain(pktype) == KEY_ECDSA &&
++ sshkey_ecdsa_nid_from_name(pkalg) != key->ecdsa_nid)) {
++ error_f("key type mismatch for decoded key "
++ "(received %s, expected %s)", sshkey_ssh_name(key), pkalg);
+ goto done;
+ }
+ if (auth2_key_already_used(authctxt, key)) {
+diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
+--- a/sshconnect2.c 2026-04-09 13:22:28.193412553 +0200
++++ b/sshconnect2.c 2026-04-09 14:42:37.644945762 +0200
+@@ -91,6 +91,7 @@ extern Options options;
+ static char *xxx_host;
+ static struct sockaddr *xxx_hostaddr;
+ static const struct ssh_conn_info *xxx_conn_info;
++static int key_type_allowed(struct sshkey *, const char *);
+
+ static int
+ verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
+@@ -100,6 +101,10 @@ verify_host_key_callback(struct sshkey *
+ if ((r = sshkey_check_rsa_length(hostkey,
+ options.required_rsa_size)) != 0)
+ fatal_r(r, "Bad server host key");
++ if (!key_type_allowed(hostkey, options.hostkeyalgorithms)) {
++ fatal("Server host key %s not in HostKeyAlgorithms",
++ sshkey_ssh_name(hostkey));
++ }
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
+ xxx_conn_info) != 0)
+ fatal("Host key verification failed.");
+@@ -1776,34 +1781,37 @@ load_identity_file(Identity *id)
+ }
+
+ static int
+-key_type_allowed_by_config(struct sshkey *key)
++key_type_allowed(struct sshkey *key, const char *allowlist)
+ {
+- if (match_pattern_list(sshkey_ssh_name(key),
+- options.pubkey_accepted_algos, 0) == 1)
++ if (match_pattern_list(sshkey_ssh_name(key), allowlist, 0) == 1)
+ return 1;
+
+ /* RSA keys/certs might be allowed by alternate signature types */
+ switch (key->type) {
+ case KEY_RSA:
+- if (match_pattern_list("rsa-sha2-512",
+- options.pubkey_accepted_algos, 0) == 1)
++ if (match_pattern_list("rsa-sha2-512", allowlist, 0) == 1)
+ return 1;
+- if (match_pattern_list("rsa-sha2-256",
+- options.pubkey_accepted_algos, 0) == 1)
++ if (match_pattern_list("rsa-sha2-256", allowlist, 0) == 1)
+ return 1;
+ break;
+ case KEY_RSA_CERT:
+ if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
+- options.pubkey_accepted_algos, 0) == 1)
++ allowlist, 0) == 1)
+ return 1;
+ if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
+- options.pubkey_accepted_algos, 0) == 1)
++ allowlist, 0) == 1)
+ return 1;
+ break;
+ }
+ return 0;
+ }
+
++static int
++key_type_allowed_by_config(struct sshkey *key)
++{
++ return key_type_allowed(key, options.pubkey_accepted_algos);
++}
++
+ /* obtain a list of keys from the agent */
+ static int
+ get_agent_identities(struct ssh *ssh, int *agent_fdp,
diff --git a/openssh.spec b/openssh.spec
index fb297ac..1eff43c 100644
--- a/openssh.spec
+++ b/openssh.spec
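Review bot: In the embedded patch for auth2-hostbased.c and auth2-pubkey.c, the added ECDSA curve comparison is gated on `sshkey_type_plain(pktype) == KEY_ECDSA`, and neither hunk carries a comment saying why `key->type != pktype` alone was not enough or why other key families are left out. In `userauth_hostbased` the allow-list match that follows is done on the client-supplied `pkalg` string (`match_pattern_list(pkalg, options.hostbased_accepted_algos, 0)`), so this condition is what binds that name to the decoded key; the equivalent match in `userauth_pubkey` is presumably outside the hunk. A comment above the condition in both places, such as `/* key->type does not encode the ECDSA curve; require the curve named in pkalg to match the decoded key */`, would make that explicit. Key types that do not reduce to `KEY_ECDSA` skip the curve comparison, which looks intentional but is worth confirming against the upstream commit referenced in openssh.spec. Both functions begin and end outside the hunks shown.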
@@ -243,6 +243,8 @@ Patch1039: openssh-9.9p1-fill-default-options-error.patch Patch1040: openssh-9.9p1-scp-clear-setuid.patch # upstream c805b97b67c774e0bf922ffb29dfbcda9d7b5add Patch1041: openssh-9.9p1-mux-askpass-check.patch +# upstream fd1c7e131f331942d20f42f31e79912d570081fa +Patch1042: openssh-9.9p1-ecdsa-incomplete-application.patch License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND snprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant Requires: /sbin/nologin @@ -448,6 +450,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %patch -P 1039 -p1 -b .fill-default-options-error %patch -P 1040 -p1 -b .scp-clear-setuid %patch -P 1041 -p1 -b .mux-askpass-check +%patch -P 1042 -p1 -b .ecdsa-incomplete-application %patch -P 100 -p1 -b .coverity @@ -739,6 +742,9 @@ test -f %{sysconfig_anaconda} && \ - CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode multiplexing sessions Resolves: RHEL-166239 +- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms + and HostbasedAcceptedAlgorithms with regard to ECDSA keys + Resolves: RHEL-166223 * Fri Mar 27 2026 Zoltan Fridrich - 9.9p1-24 - Fix typo in SPDX license name