From: "Theo Gaige (Schneider Electric)" <[email protected]>
Backport patch from [1] matching CVE description in [2] and change described in release note [3].

[1] https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add
[2] https://security-tracker.debian.org/tracker/CVE-2026-35388
[3] https://www.openssh.org/releasenotes.html#10.3p1

Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]>
Reviewed-by: Bruno Vernay <[email protected]>
--- .../openssh/openssh/CVE-2026-35388.patch | 47 +++++++++++++++++++ .../openssh/openssh_9.6p1.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch new file mode 100644 index 0000000000..d5afe2538f --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35388.patch 
@@ -0,0 +1,47 @@ +From be42fe5ce64f2798048161a891083ef12780ca2a Mon Sep 17 00:00:00 2001 +From: "[email protected]" <[email protected]> +Date: Thu, 2 Apr 2026 07:39:57 +0000 +Subject: [PATCH] upstream: add missing askpass check when using + +ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis +Vasileiadis + +OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a + +CVE: CVE-2026-35388 +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add] +Signed-off-by: Theo Gaige (Schneider Electric) <[email protected]> +--- + mux.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/mux.c b/mux.c +index d598a17e2..c841feb79 100644 +--- a/mux.c ++++ b/mux.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: mux.c,v 1.101 2023/11/23 03:37:05 dtucker Exp $ */ ++/* $OpenBSD: mux.c,v 1.113 2026/04/02 07:39:57 djm Exp $ */ + /* + * Copyright (c) 2002-2008 Damien Miller <[email protected]> + * +@@ -1137,6 +1137,16 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid, + + debug_f("channel %d: proxy request", c->self); + ++ if (options.control_master == SSHCTL_MASTER_ASK || ++ options.control_master == SSHCTL_MASTER_AUTO_ASK) { ++ if (!ask_permission("Allow multiplex proxy connection?")) { ++ debug2_f("proxy refused by user"); ++ reply_error(reply, MUX_S_PERMISSION_DENIED, rid, ++ "Permission denied"); ++ return 0; ++ } ++ } ++ + c->mux_rcb = channel_proxy_downstream; + if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 || + (r = sshbuf_put_u32(reply, rid)) != 0) +-- +2.43.0 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 9267bbd2c9..a1b5d4a553 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb 
@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2025-61984.patch \ file://CVE-2026-35385.patch \ file://CVE-2026-35387.patch \ + file://CVE-2026-35388.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" -- 2.43.0
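Review bot: the first mux.c hunk inside CVE-2026-35388.patch rewrites the "$OpenBSD: mux.c,v 1.101 2023/11/23" ident line to "1.113 2026/04/02", but this backport carries only the proxy permission check, so the patched 9.6p1 file would advertise a revision whose other changes it does not contain. Consider dropping that hunk from the backported patch (leaving the 10 added lines in mux_master_process_proxy) so the ident keeps describing the real base and the patch cannot conflict with another backport that touches the same line.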
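Review bot: the commit message does not say what behaviour changes with the mux_master_process_proxy hunk, where a proxy request is now answered with MUX_S_PERMISSION_DENIED unless ask_permission("Allow multiplex proxy connection?") succeeds whenever control_master is SSHCTL_MASTER_ASK or SSHCTL_MASTER_AUTO_ASK. A one-line summary in the message ("ssh -O proxy now prompts under ControlMaster=ask/autoask") would let stable-branch users see the impact without opening the links, and it would help to state whether the patch was build- or run-tested against 9.6p1.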
View/Reply Online (#237430): https://lists.openembedded.org/g/openembedded-core/message/237430
