HomeFreeBSD

ssh: Update to OpenSSH 9.3p1

Description

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

  • ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu.
  • ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client.

    The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer.

Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 4d3fc8b0570b29fb0d6ee9525f104d52176ff0d4)
(cherry picked from commit 802b483630974c2ccf2bfbc90b39102b9e47d22b)

Details

Provenance
emasteAuthored on Mar 16 2023, 2:29 PM
Parents
rG0c0c89736597: heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL
Branches
Unknown
Tags
Unknown