mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

libssh: fix CVE-2025-5987

Browse Source 
A flaw was found in libssh when using the ChaCha20 cipher with the
OpenSSL library. If an attacker manages to exhaust the heap space,
this error is not detected and may lead to libssh using a partially
initialized cipher context. This occurs because the OpenSSL error
code returned aliases with the SSH_OK code, resulting in libssh not
properly detecting the error returned by the OpenSSL library.
This issue can lead to undefined behavior, including compromised
data confidentiality and integrity or crashes.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5987

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=90b4845e0c98574bbf7bea9e97796695f064bf57

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Divya Chellam
2025-09-11 16:07:05 +05:30
committed by Anuj Mittal
parent 71b601e3d7
commit 3702195a7e
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/libssh/libssh/CVE-2025-5987.patch
+37
View File
@@ -0,0 +1,37 @@
From 90b4845e0c98574bbf7bea9e97796695f064bf57 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 6 May 2025 22:51:41 +0200
Subject: [PATCH] CVE-2025-5987 libcrypto: Correctly detect failures of chacha
initialization
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
CVE: CVE-2025-5987
Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
src/libcrypto.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 76e067d3..69a850de 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -771,9 +771,9 @@ chacha20_poly1305_set_key(struct ssh_cipher_struct *cipher,
SSH_LOG(SSH_LOG_WARNING, "EVP_CIPHER_CTX_new failed");
goto out;
}
- ret = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
+ rv = EVP_EncryptInit_ex(ctx->header_evp, EVP_chacha20(), NULL,
u8key + CHACHA20_KEYLEN, NULL);
- if (ret != 1) {
+ if (rv != 1) {
SSH_LOG(SSH_LOG_WARNING, "EVP_CipherInit failed");
goto out;
}
--
2.40.0
meta-oe/recipes-support/libssh/libssh_0.10.6.bb
+1
View File
@@ -16,6 +16,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
file://CVE-2025-4877.patch \
file://CVE-2025-4878-0001.patch \
file://CVE-2025-4878-0002.patch \
file://CVE-2025-5987.patch \
"
SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"