diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2025-06-26 11:44:37 +0530 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-07-02 20:42:48 -0400 |
| commit | 058249f9a836e3aa866436aa6e37d6d48ff768fd (patch) | |
| tree | 18a612382d833ede68050bda5472111ff31ccb71 | |
| parent | 68d3af2e7369204e0c767b10f9ea92bf48991dfd (diff) | |
| download | meta-openembedded-058249f9a836e3aa866436aa6e37d6d48ff768fd.tar.gz | |
libssh: fix CVE-2025-5318
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh/CVE-2025-5318.patch | 31 | ||||
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh_0.8.9.bb | 1 |
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2025-5318.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5318.patch new file mode 100644 index 0000000000..2f89977873 --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2025-5318.patch | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | From 5f4ffda88770f95482fd0e66aa44106614dbf466 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Jelen <jjelen@redhat.com> | ||
| 3 | Date: Tue, 22 Apr 2025 21:18:44 +0200 | ||
| 4 | Subject: CVE-2025-5318: sftpserver: Fix possible buffer overrun | ||
| 5 | |||
| 6 | Signed-off-by: Jakub Jelen <jjelen@redhat.com> | ||
| 7 | Reviewed-by: Andreas Schneider <asn@cryptomilk.org> | ||
| 8 | |||
| 9 | Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466] | ||
| 10 | CVE: CVE-2025-5318 | ||
| 11 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 12 | --- | ||
| 13 | src/sftpserver.c | 2 +- | ||
| 14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 15 | |||
| 16 | diff --git a/src/sftpserver.c b/src/sftpserver.c | ||
| 17 | index 1af8a0e7..dee51534 100644 | ||
| 18 | --- a/src/sftpserver.c | ||
| 19 | +++ b/src/sftpserver.c | ||
| 20 | @@ -530,7 +530,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle){ | ||
| 21 | |||
| 22 | memcpy(&val, ssh_string_data(handle), sizeof(uint32_t)); | ||
| 23 | |||
| 24 | - if (val > SFTP_HANDLES) { | ||
| 25 | + if (val >= SFTP_HANDLES) { | ||
| 26 | return NULL; | ||
| 27 | } | ||
| 28 | |||
| 29 | -- | ||
| 30 | 2.49.0 | ||
| 31 | |||
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb index 7d0fc2d32f..67e03c4081 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable | |||
| 20 | file://006_CVE-2023-6004.patch \ | 20 | file://006_CVE-2023-6004.patch \ |
| 21 | file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ | 21 | file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ |
| 22 | file://run-ptest \ | 22 | file://run-ptest \ |
| 23 | file://CVE-2025-5318.patch \ | ||
| 23 | " | 24 | " |
| 24 | SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" | 25 | SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" |
| 25 | 26 | ||