diff --git a/SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch b/SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch new file mode 100644 index 0000000..5632ba1 --- /dev/null +++ b/SOURCES/openssh-9.3p1-upstream-cve-2023-38408.patch @@ -0,0 +1,17 @@ +diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c +index 6be647ec..ebddf6c3 100644 +--- a/ssh-pkcs11.c ++++ b/ssh-pkcs11.c +@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin, + error("dlopen %s failed: %s", provider_module, dlerror()); + goto fail; + } +- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { +- error("dlsym(C_GetFunctionList) failed: %s", dlerror()); +- goto fail; +- } ++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) ++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); + + p->module->handle = handle; + /* setup the pkcs11 callbacks */ diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 8ae9852..28fb95a 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -51,7 +51,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.7p1 -%global openssh_rel 29 +%global openssh_rel 30 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 5 @@ -265,6 +265,9 @@ Patch1007: openssh-8.7p1-nohostsha1proof.patch # upstream 12da7823336434a403f25c7cc0c2c6aed0737a35 # to fix 1005 Patch1008: openssh-8.7p1-CVE-2023-25136.patch +# upsream commit +# b23fe83f06ee7e721033769cfa03ae840476d280 +Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch License: BSD Requires: /sbin/nologin @@ -472,6 +475,7 @@ popd %patch1006 -p1 -b .negotiate-supported-algs %patch100 -p1 -b .coverity +%patch1015 -p1 -b .cve-2023-38408 %patch1007 -p1 -b .sshrsacheck %patch1008 -p1 -b .cve-2023-25136 @@ -761,6 +765,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Thu Jul 20 2023 Dmitry Belyavskiy - 8.7p1-30 +- Avoid remote code execution in ssh-agent PKCS#11 support + Resolves: CVE-2023-38408 + * Thu Apr 06 2023 Dmitry Belyavskiy - 8.7p1-29 - Resolve possible self-DoS with some clients Resolves: rhbz#2186473