Fix CVE-2026-35414
Fix mishandling of authorized_keys principals option Resolves: RHEL-166192 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
parent
b0d3fc6ef1
commit
dcbbe4855b
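--- a/openssh-8.7p1-authorized-keys-principles-option.patch
+++ b/openssh-8.7p1-authorized-keys-principles-option.patch
@@ -0,0 +1,37 @@
+diff --color -ruNp a/auth2-pubkey.c b/auth2-pubkey.c
+--- a/auth2-pubkey.c 2026-04-13 15:13:58.759515611 +0200
++++ b/auth2-pubkey.c 2026-04-13 15:20:28.131029727 +0200
+@@ -329,20 +329,23 @@ user_key_verify(struct ssh *ssh, const s
+static int
+match_principals_option(const char *principal_list, struct sshkey_cert *cert)
+{
+- char *result;
++ char *list, *olist, *entry;
+u_int i;
+
+- /* XXX percent_expand() sequences for authorized_principals? */
+-
+- for (i = 0; i < cert->nprincipals; i++) {
+- if ((result = match_list(cert->principals[i],
+- principal_list, NULL)) != NULL) {
+- debug3("matched principal from key options \"%.100s\"",
+- result);
+- free(result);
+- return 1;
++ olist = list = xstrdup(principal_list);
++ for (;;) {
++ if ((entry = strsep(&list, ",")) == NULL || *entry == '\0')
++ break;
++ for (i = 0; i < cert->nprincipals; i++) {
++ if (strcmp(entry, cert->principals[i]) == 0) {
++ debug3("matched principal from key i"
++ "options \"%.100s\"", entry);
++ free(olist);
++ return 1;
++ }
+}
+}
++ free(olist);
+return 0;
+}
+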
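Review bot: The debug3 call inside the inner for-loop of match_principals_option splits its format string into `"matched principal from key i"` and `"options \"%.100s\""`, which the compiler concatenates to `matched principal from key ioptions "..."`; the stray `i` looks like a typo for a trailing space, i.e. `debug3("matched principal from key "` / `"options \"%.100s\"", entry);`. Separately, the `*entry == '\0'` test on the strsep result ends the scan at the first empty list element, so nothing after a doubled or trailing comma (`a,,b`) is ever compared against the certificate principals; that is fail-closed but undocumented, and a comment such as `/* an empty element terminates the list; later entries are ignored */` above the break would make the intent explicit. The whole function is inside this hunk, so the xstrdup/free pairing on both return paths can be confirmed as balanced.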
@ -306,6 +306,8 @@ Patch1025: openssh-9.9p1-scp-clear-setuid.patch
|
||||
Patch1026: openssh-8.0p1-mux-askpass-check.patch
|
||||
# upstream fd1c7e131f331942d20f42f31e79912d570081fa
|
||||
Patch1027: openssh-8.0p1-ecdsa-incomplete-application.patch
|
||||
# upstream fd1c7e131f331942d20f42f31e79912d570081fa
|
||||
Patch1028: openssh-8.7p1-authorized-keys-principles-option.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
@ -560,6 +562,7 @@ popd
|
||||
%patch1025 -p1 -b .scp-clear-setuid
|
||||
%patch1026 -p1 -b .mux-askpass-check
|
||||
%patch1027 -p1 -b .ecdsa-incomplete-application
|
||||
%patch1028 -p1 -b .authorized-keys-principles-option
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
@ -855,6 +858,8 @@ getent passwd sshd >/dev/null || \
|
||||
- CVE-2026-35387: Fix incomplete application of PubkeyAcceptedAlgorithms
|
||||
and HostbasedAcceptedAlgorithms with regard to ECDSA keys
|
||||
Resolves: RHEL-166224
|
||||
- CVE-2026-35414: Fix mishandling of authorized_keys principals option
|
||||
Resolves: RHEL-166192
|
||||
|
||||
* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-28
|
||||
- CVE-2026-3497: Fix information disclosure or denial of service due
|
||||
|
||||