Bug 271839

Summary: crypto/openssh: Status of CVE-2023-28531
Product: Base System
Reporter: pascal.bryner
Component: bin
Assignee: Ed Maste <emaste>
Status: Closed FIXED
Severity: Affects Many People
CC: emaste, grahamperrin, i.dani, secteam
Priority: Normal
Keywords: security
Version: 12.4-RELEASE
Flags: pascal.bryner: maintainer-feedback? (secteam)
Hardware: Any
OS: Any

Description pascal.bryner 2023-06-05 12:28:58 UTC
Since 03/17/2023, a critical vulnerability in openssh 8.9 up to 9.2 has been reported:
https://www.openwall.com/lists/oss-security/2023/03/15/8

OpenSSH versions prior to 9.3 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

What is the status of this security flaw?
According to https://nvd.nist.gov/vuln/detail/CVE-2023-28531 it has been rated as 9.8/critical.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-06-05 16:04:21 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4

commit 2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-06-05 14:49:53 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-06-05 14:56:23 +0000

    openssh: include destination constraints for smartcard keys

    From openssh-portable 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed,
    OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f

    PR:             271839
    Sponsored by:   The FreeBSD Foundation

 crypto/openssh/authfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 pascal.bryner 2023-06-06 07:57:58 UTC
I've seen that the commit has been made to stable/12.
Will there be a security advisory for releng/12.4 or do we have to backport it ourselves from stable/12?
Comment 3 pascal.bryner 2023-06-12 08:10:52 UTC
Any updates on my previous comment?
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-06-21 05:42:36 UTC
A commit in branch releng/12.4 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e374f1ec937f70ab2c89e0b392b45a67752c4172

commit e374f1ec937f70ab2c89e0b392b45a67752c4172
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-06-05 14:49:53 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-06-21 05:29:49 +0000

    openssh: include destination constraints for smartcard keys

    From openssh-portable 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed,
    OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f

    PR:             271839
    Sponsored by:   The FreeBSD Foundation
    Approved by:    so
    Security:       FreeBSD-SA-23:05.openssh
    Security:       CVE-2023-28531

    (cherry picked from commit 2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4)

 crypto/openssh/authfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)