Bug 271839 - crypto/openssh: Status of CVE-2023-28531
Summary: crypto/openssh: Status of CVE-2023-28531
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 12.4-RELEASE
Hardware: Any Any
Importance: Normal, Affects Many People
Assignee: Ed Maste
URL:
Keywords: security
Depends on:
Blocks:
Reported: 2023-06-05 12:28 UTC by pascal.bryner
Modified: 2023-06-21 12:38 UTC

See Also:
pascal.bryner: maintainer-feedback? (secteam)


Description pascal.bryner 2023-06-05 12:28:58 UTC
Since 03/17/2023, a critical vulnerability in OpenSSH 8.9 up to 9.2 has been reported:
https://www.openwall.com/lists/oss-security/2023/03/15/8

OpenSSH versions prior to 9.3 are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

What is the status of this security flaw?
According to https://nvd.nist.gov/vuln/detail/CVE-2023-28531, it has been rated as 9.8/critical.
Comment 1 commit-hook freebsd_committer freebsd_triage 2023-06-05 16:04:21 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4

commit 2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-06-05 14:49:53 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-06-05 14:56:23 +0000

    openssh: include destination constraints for smartcard keys

    From openssh-portable 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed,
    OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f

    PR:             271839
    Sponsored by:   The FreeBSD Foundation

 crypto/openssh/authfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 pascal.bryner 2023-06-06 07:57:58 UTC
I've seen that the commit has been made to stable/12.
Will there be a security advisory for releng/12.4 or do we have to backport it ourselves from stable/12?
Comment 3 pascal.bryner 2023-06-12 08:10:52 UTC
Any updates on my previous comment?
Comment 4 commit-hook freebsd_committer freebsd_triage 2023-06-21 05:42:36 UTC
A commit in branch releng/12.4 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e374f1ec937f70ab2c89e0b392b45a67752c4172

commit e374f1ec937f70ab2c89e0b392b45a67752c4172
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-06-05 14:49:53 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-06-21 05:29:49 +0000

    openssh: include destination constraints for smartcard keys

    From openssh-portable 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed,
    OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f

    PR:             271839
    Sponsored by:   The FreeBSD Foundation
    Approved by:    so
    Security:       FreeBSD-SA-23:05.openssh
    Security:       CVE-2023-28531

    (cherry picked from commit 2b4fb1350ceea0f2a0f04b1b8f5bfd3c32329ae4)

 crypto/openssh/authfd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)