Fix CVE-2026-35388
Add connection multiplexing confirmation for proxy-mode multiplexing sessions Resolves: RHEL-166239 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
parent
4ca20e1c2c
commit
b39c465ad2
20
openssh-9.9p1-mux-askpass-check.patch
Normal file
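--- a/openssh-9.9p1-mux-askpass-check.patch
+++ b/openssh-9.9p1-mux-askpass-check.patch
@@ -0,0 +1,20 @@
+diff --color -ruNp a/mux.c b/mux.c
+--- a/mux.c 2024-09-20 00:20:48.000000000 +0200
++++ b/mux.c 2026-04-09 15:02:36.016198814 +0200
+@@ -1137,6 +1137,16 @@ mux_master_process_proxy(struct ssh *ssh
+
+debug_f("channel %d: proxy request", c->self);
+
++ if (options.control_master == SSHCTL_MASTER_ASK ||
++ options.control_master == SSHCTL_MASTER_AUTO_ASK) {
++ if (!ask_permission("Allow multiplex proxy connection?")) {
++ debug2_f("proxy refused by user");
++ reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
++ "Permission denied");
++ return 0;
++ }
++ }
++
+c->mux_rcb = channel_proxy_downstream;
+if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
+(r = sshbuf_put_u32(reply, rid)) != 0)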
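Review bot: The prompt passed to `ask_permission("Allow multiplex proxy connection?")` names no destination, so a user running several masters under ControlMaster ask/autoask cannot tell which shared connection the proxy request would attach to, and a prompt without context tends to be approved by habit. If `host` is in scope at this point in mux.c (it is not visible in the hunk, so confirm), `ask_permission("Allow multiplex proxy connection to %s?", host)` would supply that context. The spec comment next to Patch1041 suggests this is a backport of an upstream commit, so the wording change is probably better proposed upstream than carried as a downstream delta. The refusal is recorded only through `debug2_f("proxy refused by user")`, which will not show at default log levels. mux_master_process_proxy begins and ends outside the hunk.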
@ -241,6 +241,8 @@ Patch1038: openssh-9.9p1-maxstartups-mistracking.patch
|
||||
Patch1039: openssh-9.9p1-fill-default-options-error.patch
|
||||
# upstream 487e8ac146f7d6616f65c125d5edb210519b833a
|
||||
Patch1040: openssh-9.9p1-scp-clear-setuid.patch
|
||||
# upstream c805b97b67c774e0bf922ffb29dfbcda9d7b5add
|
||||
Patch1041: openssh-9.9p1-mux-askpass-check.patch
|
||||
|
||||
License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND snprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
|
||||
Requires: /sbin/nologin
|
||||
@ -445,6 +447,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
|
||||
%patch -P 1038 -p1 -b .maxstartups-mistracking
|
||||
%patch -P 1039 -p1 -b .fill-default-options-error
|
||||
%patch -P 1040 -p1 -b .scp-clear-setuid
|
||||
%patch -P 1041 -p1 -b .mux-askpass-check
|
||||
|
||||
%patch -P 100 -p1 -b .coverity
|
||||
|
||||
@ -733,6 +736,9 @@ test -f %{sysconfig_anaconda} && \
|
||||
- CVE-2026-35385: Fix privilege escalation via scp legacy protocol
|
||||
when not in preserving file mode
|
||||
Resolves: RHEL-164740
|
||||
- CVE-2026-35388: Add connection multiplexing confirmation for proxy-mode
|
||||
multiplexing sessions
|
||||
Resolves: RHEL-166239
|
||||
|
||||
* Fri Mar 27 2026 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-24
|
||||
- Fix typo in SPDX license name
|
||||
|
||||