Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Jul 2023 14:52:13 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: abf778208f10 - stable/12 - ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2
Message-ID:  <202307211452.36LEqDvU041186@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=abf778208f101f57ecf402230c69222641f0a032

commit abf778208f101f57ecf402230c69222641f0a032
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-07-19 17:02:33 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-07-21 14:46:53 +0000

    ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2
    
    OpenSSH 9.3p2 provides a fix CVE-2023-38408 - a condition where specific
    libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to
     achieve remote code execution via a forwarded agent socket if the
    following conditions are met:
    
    * Exploitation requires the presence of specific libraries on
      the victim system.
    * Remote exploitation requires that the agent was forwarded
      to an attacker-controlled system.
    
    This commit is the primary part of the fix in 9.3p2, applied to the
    OpenSSH version in FreeBSD 12.x.
    
    Security:       CVE-2023-38408
    Sponsored by:   The FreeBSD Foundation
---
 crypto/openssh/ssh-pkcs11.c  | 6 ++----
 crypto/openssh/sshd_config   | 2 +-
 crypto/openssh/sshd_config.5 | 2 +-
 crypto/openssh/version.h     | 2 +-
 4 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c
index b2e2b32a5078..9e48c134e411 100644
--- a/crypto/openssh/ssh-pkcs11.c
+++ b/crypto/openssh/ssh-pkcs11.c
@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
 		error("dlopen %s failed: %s", provider_id, dlerror());
 		goto fail;
 	}
-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
-		goto fail;
-	}
+	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
 	p = xcalloc(1, sizeof(*p));
 	p->name = xstrdup(provider_id);
 	p->handle = handle;
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 33c6e9a3b130..14a58ef4ddbb 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -106,7 +106,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PermitTunnel no
 #ChrootDirectory none
 #UseBlacklist no
-#VersionAddendum FreeBSD-20221019
+#VersionAddendum FreeBSD-20230719
 
 # no default banner path
 #Banner none
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 34dc3648ed26..dd8623d9b4dd 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -1822,7 +1822,7 @@ The default is
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.
 The default is
-.Qq FreeBSD-20221019 .
+.Qq FreeBSD-20230719 .
 The value
 .Cm none
 may be used to disable this.
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index 30539ed442ca..3f7069aba20f 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -6,4 +6,4 @@
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 
-#define SSH_VERSION_FREEBSD	"FreeBSD-20221019"
+#define SSH_VERSION_FREEBSD	"FreeBSD-20230719"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202307211452.36LEqDvU041186>