mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-28 06:32:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssh: Fix CVE-2025-26466

Browse Source 
sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Upstream-Status: Backport [6ce00f0c2e]

(From OE-Core rev: 7360f3998939e202f9611644a8bed0c3fe0c782a)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2025-03-04 09:36:58 +05:30
committed by Steve Sakoman
parent 3646348c98
commit d20a52f2fc
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
meta/recipes-connectivity/openssh/openssh/CVE-2025-26466.patch Normal file
View File

@@ -0,0 +1,38 @@
From 6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 18 Feb 2025 08:02:12 +0000
Subject: [PATCH] upstream: Don't reply to PING in preauth phase or during KEX
Reported by the Qualys Security Advisory team. ok markus@
OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2]
CVE: CVE-2025-26466
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
packet.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/packet.c b/packet.c
index beb214f..aeab98c 100644
--- a/packet.c
+++ b/packet.c
@@ -1773,6 +1773,14 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
if ((r = sshpkt_get_string_direct(ssh, &d, &len)) != 0)
return r;
DBG(debug("Received SSH2_MSG_PING len %zu", len));
+ if (!ssh->state->after_authentication) {
+ DBG(debug("Won't reply to PING in preauth"));
+ break;
+ }
+ if (ssh_packet_is_rekeying(ssh)) {
+ DBG(debug("Won't reply to PING during KEX"));
+ break;
+ }
if ((r = sshpkt_start(ssh, SSH2_MSG_PONG)) != 0 ||
(r = sshpkt_put_string(ssh, d, len)) != 0 ||
(r = sshpkt_send(ssh)) != 0)
--
2.25.1

1
meta/recipes-connectivity/openssh/openssh_9.6p1.bb
View File

@@ -29,6 +29,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2024-6387.patch \
file://CVE-2024-39894.patch \
file://0001-Fix-missing-header-for-systemd-notification.patch \
file://CVE-2025-26466.patch \
"
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"