mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 09:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

openssh: upgrade 9.2p1 -> 9.3p1

Browse Source 
OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.

Upgrade the recipe to point to 9.3p1.

CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.

(From OE-Core rev: ca4b4165f388a8b8bb80c120a2baef00e7e3bcac)

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Siddharth Doshi
2023-03-27 14:06:20 +05:30
committed by Richard Purdie
parent e9e5a7910e
commit e3afe16694
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-connectivity/openssh/openssh_9.2p1.bb → meta/recipes-connectivity/openssh/openssh_9.3p1.bb
View File

@@ -25,7 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
"
SRC_URI[sha256sum] = "3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46"
SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
CVE_CHECK_IGNORE += "CVE-2007-2768"