[Buildroot] [PATCH 1/1] package/libssh: security bump to version 0.9.6
Peter Korsgaard
peter at korsgaard.com
Tue Sep 14 12:13:52 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-3634: A flaw has been found in libssh in versions prior to
> 0.9.6. The SSH protocol keeps track of two shared secrets during the
> lifetime of the session. One of them is called secret_hash and the other
> session_id. Initially, both of them are the same, but after key
> re-exchange, previous session_id is kept and used as an input to new
> secret_hash. Historically, both of these buffers had shared length
> variable, which worked as long as these buffers were same. But the key
> re-exchange operation can also change the key exchange method, which can
> be based on hash of different size, eventually creating "secret_hash" of
> different size than the session_id has. This becomes an issue when the
> session_id memory is zeroed or when it is used again during second key
> re-exchange.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list