mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
libssh: fix CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. Reference: https://security-tracker.debian.org/tracker/CVE-2025-4878 Upstream-patches: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
committed by
Anuj Mittal
parent
b9fb6556a3
commit
71b601e3d7
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,34 @@
|
|||||||
|
From b35ee876adc92a208d47194772e99f9c71e0bedb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 28 Apr 2025 11:04:55 +0200
|
||||||
|
Subject: [PATCH] CVE-2025-4878 legacy: Properly check return value to avoid
|
||||||
|
NULL pointer dereference
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
|
||||||
|
CVE: CVE-2025-4878
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb]
|
||||||
|
|
||||||
|
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
|
||||||
|
---
|
||||||
|
src/legacy.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/legacy.c b/src/legacy.c
|
||||||
|
index 7359040c..f73ef6cc 100644
|
||||||
|
--- a/src/legacy.c
|
||||||
|
+++ b/src/legacy.c
|
||||||
|
@@ -452,7 +452,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
|
||||||
|
auth_fn,
|
||||||
|
auth_data,
|
||||||
|
&key);
|
||||||
|
- if (rc == SSH_ERROR) {
|
||||||
|
+ if (rc != SSH_OK) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.40.0
|
||||||
|
|
||||||
@@ -14,6 +14,8 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
|
|||||||
file://CVE-2025-5351.patch \
|
file://CVE-2025-5351.patch \
|
||||||
file://CVE-2025-5372.patch \
|
file://CVE-2025-5372.patch \
|
||||||
file://CVE-2025-4877.patch \
|
file://CVE-2025-4877.patch \
|
||||||
|
file://CVE-2025-4878-0001.patch \
|
||||||
|
file://CVE-2025-4878-0002.patch \
|
||||||
"
|
"
|
||||||
SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
|
SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user