Date: Fri, 21 Jul 2023 14:52:13 GMT From: Ed Maste <emaste@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: abf778208f10 - stable/12 - ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2 Message-ID: <202307211452.36LEqDvU041186@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=abf778208f101f57ecf402230c69222641f0a032 commit abf778208f101f57ecf402230c69222641f0a032 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-07-19 17:02:33 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-07-21 14:46:53 +0000 ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2 OpenSSH 9.3p2 provides a fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. This commit is the primary part of the fix in 9.3p2, applied to the OpenSSH version in FreeBSD 12.x. Security: CVE-2023-38408 Sponsored by: The FreeBSD Foundation --- crypto/openssh/ssh-pkcs11.c | 6 ++---- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 2 +- crypto/openssh/version.h | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c index b2e2b32a5078..9e48c134e411 100644 --- a/crypto/openssh/ssh-pkcs11.c +++ b/crypto/openssh/ssh-pkcs11.c @@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin, error("dlopen %s failed: %s", provider_id, dlerror()); goto fail; } - if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { - error("dlsym(C_GetFunctionList) failed: %s", dlerror()); - goto fail; - } + if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) + fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); p = xcalloc(1, sizeof(*p)); p->name = xstrdup(provider_id); p->handle = handle; diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 33c6e9a3b130..14a58ef4ddbb 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -106,7 +106,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20221019 +#VersionAddendum FreeBSD-20230719 # no default banner path #Banner none diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 34dc3648ed26..dd8623d9b4dd 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1822,7 +1822,7 @@ The default is Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. The default is -.Qq FreeBSD-20221019 . +.Qq FreeBSD-20230719 . The value .Cm none may be used to disable this. diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h index 30539ed442ca..3f7069aba20f 100644 --- a/crypto/openssh/version.h +++ b/crypto/openssh/version.h @@ -6,4 +6,4 @@ #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE -#define SSH_VERSION_FREEBSD "FreeBSD-20221019" +#define SSH_VERSION_FREEBSD "FreeBSD-20230719"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202307211452.36LEqDvU041186>