git: abf778208f10 - stable/12 - ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 21 Jul 2023 14:52:13 UTC
The branch stable/12 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=abf778208f101f57ecf402230c69222641f0a032
commit abf778208f101f57ecf402230c69222641f0a032
Author: Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-07-19 17:02:33 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-07-21 14:46:53 +0000
ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2
OpenSSH 9.3p2 provides a fix CVE-2023-38408 - a condition where specific
libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to
achieve remote code execution via a forwarded agent socket if the
following conditions are met:
* Exploitation requires the presence of specific libraries on
the victim system.
* Remote exploitation requires that the agent was forwarded
to an attacker-controlled system.
This commit is the primary part of the fix in 9.3p2, applied to the
OpenSSH version in FreeBSD 12.x.
Security: CVE-2023-38408
Sponsored by: The FreeBSD Foundation
---
crypto/openssh/ssh-pkcs11.c | 6 ++----
crypto/openssh/sshd_config | 2 +-
crypto/openssh/sshd_config.5 | 2 +-
crypto/openssh/version.h | 2 +-
4 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/crypto/openssh/ssh-pkcs11.c b/crypto/openssh/ssh-pkcs11.c
index b2e2b32a5078..9e48c134e411 100644
--- a/crypto/openssh/ssh-pkcs11.c
+++ b/crypto/openssh/ssh-pkcs11.c
@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
error("dlopen %s failed: %s", provider_id, dlerror());
goto fail;
}
- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
- goto fail;
- }
+ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
p = xcalloc(1, sizeof(*p));
p->name = xstrdup(provider_id);
p->handle = handle;
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 33c6e9a3b130..14a58ef4ddbb 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -106,7 +106,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
-#VersionAddendum FreeBSD-20221019
+#VersionAddendum FreeBSD-20230719
# no default banner path
#Banner none
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 34dc3648ed26..dd8623d9b4dd 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -1822,7 +1822,7 @@ The default is
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
-.Qq FreeBSD-20221019 .
+.Qq FreeBSD-20230719 .
The value
.Cm none
may be used to disable this.
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index 30539ed442ca..3f7069aba20f 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -6,4 +6,4 @@
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-#define SSH_VERSION_FREEBSD "FreeBSD-20221019"
+#define SSH_VERSION_FREEBSD "FreeBSD-20230719"