webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssh: Update to version 9.3p2 - Fixes CVE-2023-38408

Browse Source 
- Update from version 9.3p1 to 9.3p2
- Update of rootfile not required
- Changelog
    9.3p2 (2023-07-19)
	This release fixes a security bug.
	Security
		Fix CVE-2023-38408 - a condition where specific libaries loaded via
		 ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
		 code execution via a forwarded agent socket if the following
		 conditions are met:
			* Exploitation requires the presence of specific libraries on
			   the victim system.
			* Remote exploitation requires that the agent was forwarded
			   to an attacker-controlled system.
		Exploitation can also be prevented by starting ssh-agent(1) with an
		 empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
		 an allowlist that contains only specific provider libraries.
		This vulnerability was discovered and demonstrated to be exploitable
		 by the Qualys Security Advisory team.
		In addition to removing the main precondition for exploitation,
		 this release removes the ability for remote ssh-agent(1) clients
		 to load PKCS#11 modules by default (see below).
		Potentially-incompatible changes
		 * ssh-agent(8): the agent will now refuse requests to load PKCS#11
		    modules issued by remote clients by default. A flag has been added
		    to restore the previous behaviour "-Oallow-remote-pkcs11".
		   Note that ssh-agent(8) depends on the SSH client to identify
		    requests that are remote. The OpenSSH >=8.9 ssh(1) client does
		    this, but forwarding access to an agent socket using other tools
		    may circumvent this restriction.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Adolf Belka
2023-07-20 18:04:39 +02:00
committed by Michael Tremer
parent de61475584
commit 45496ad190
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lfs/openssh
View File

@@ -24,7 +24,7 @@
include Config
VER = 9.3p1
VER = 9.3p2
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 45578edf98bba3d23c7cefe60d8a7d3079e7c6676459f7422ace7a2461ab96943fbcadb478633a80f40bc098f2435722850b563714adb78b14922be53cb5753d
$(DL_FILE)_BLAKE2 = 38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f
install : $(TARGET)