From: Siddharth Doshi <sdo...@mvista.com>

OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.

Upgrade the recipe to point to 9.3p1.

CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the 
intended per-hop destination constraints.

Signed-off-by: Siddharth Doshi <sdo...@mvista.com>
---
 .../openssh/{openssh_9.2p1.bb => openssh_9.3p1.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssh/{openssh_9.2p1.bb => 
openssh_9.3p1.bb} (98%)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb 
b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.2p1.bb
rename to meta/recipes-connectivity/openssh/openssh_9.3p1.bb
index 4666237d68..d3dedd1a5a 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
@@ -25,7 +25,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            "
-SRC_URI[sha256sum] = 
"3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46"
+SRC_URI[sha256sum] = 
"e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
 
 # This CVE is specific to OpenSSH with the pam opie which we don't build/use 
here
 CVE_CHECK_IGNORE += "CVE-2007-2768"
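
Review bot: The new SRC_URI[sha256sum] value is the only integrity check on this tarball, because the SRC_URI in the hunk header fetches it over plain http:// from ftp.openbsd.org. Please confirm that e9baba77...8af8a8 was checked against the upstream signed release or release announcement rather than computed from a copy downloaded over that http URL, and say so in the commit message so the hash can be audited later. The diffstat shows this is the only changed line, so the context line CVE_CHECK_IGNORE += "CVE-2007-2768" carries over unchanged; it would help to state in the commit message that this ignore entry was re-checked for 9.3p1.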
-- 
2.25.1
