mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

libssh: fix CVE-2025-4878

Browse Source 
A vulnerability was found in libssh, where an uninitialized variable
exists under certain conditions in the privatekey_from_file() function.
This flaw can be triggered if the file specified by the filename doesn't
exist and may lead to possible signing failures or heap corruption.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-4878

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Rajeshkumar Ramasamy
2025-11-11 12:25:46 +05:30
committed by Gyorgy Sarvari
parent 5f9ee37d4b
commit acd365628a
3 changed files with 2231 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-1.patch
+2196
View File
File diff suppressed because it is too large Load Diff
meta-oe/recipes-support/libssh/libssh/CVE-2025-4878-2.patch
+33
View File
@@ -0,0 +1,33 @@
From b35ee876adc92a208d47194772e99f9c71e0bedb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 28 Apr 2025 11:04:55 +0200
Subject: [PATCH] CVE-2025-4878 legacy: Properly check return value to avoid
NULL pointer dereference
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
CVE: CVE-2025-4878
Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb]
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
---
src/legacy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/legacy.c b/src/legacy.c
index b1c8e150..ecbaf039 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -428,7 +428,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
auth_fn,
auth_data,
&key);
- if (rc == SSH_ERROR) {
+ if (rc != SSH_OK) {
return NULL;
}
--
2.48.1
meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+2
View File
@@ -22,6 +22,8 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
file://run-ptest \
file://CVE-2025-5318.patch \
file://CVE-2025-4877.patch \
file://CVE-2025-4878-1.patch \
file://CVE-2025-4878-2.patch \
"
SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"