From: Alexander Kanavin <[email protected]>

CVE-2020-14145

The client side in OpenSSH 5.7 through 8.3 has an Observable
Discrepancy leading to an information leak in the algorithm
negotiation. This allows man-in-the-middle attackers to target
initial connection attempts (where no host key for the server
has been cached by the client).

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c
toremote function, as demonstrated by backtick characters in the
destination argument.

Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit fc394ade8a0033bc695d979e592e8e92a882c54d)
Signed-off-by: Steve Sakoman <[email protected]>
---
 .../openssh/{openssh_8.3p1.bb => openssh_8.4p1.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssh/{openssh_8.3p1.bb => 
openssh_8.4p1.bb} (98%)

diff --git a/meta/recipes-connectivity/openssh/openssh_8.3p1.bb 
b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_8.3p1.bb
rename to meta/recipes-connectivity/openssh/openssh_8.4p1.bb
index e007328704..720b238e71 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
@@ -25,7 +25,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            "
-SRC_URI[sha256sum] = 
"f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2"
+SRC_URI[sha256sum] = 
"5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24"
 
 PAM_SRC_URI = "file://sshd"
 
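Review bot: The new SRC_URI[sha256sum] value is the only integrity check on this tarball, because the SRC_URI shown in the hunk header context fetches over plain http://, so the commit message should say how the hash was obtained (for example, compared against the upstream release announcement or taken from a signature-verified download) rather than computed from whatever the fetcher returned. The message also lists CVE-2020-14145 and CVE-2020-15778 without stating whether 8.4p1 resolves each of them; a line giving the status per CVE would make this backport easier to audit.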
-- 
2.17.1
