[meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731

All of lore.kernel.org
 help / color / mirror / Atom feed

* [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731
@ 2026-03-10 12:14 Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco)
  2026-03-10 12:18 ` [oe] " Gyorgy Sarvari
  0 siblings, 1 reply; 4+ messages in thread
From: Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-03-10 12:14 UTC (permalink / raw)
  To: openembedded-devel

From: Deepak Rathore <deeratho@cisco.com>

Upstream Repository: https://git.libssh.org/projects/libssh.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3731
Type: Security Fix
CVE: CVE-2026-3731
Score: 9.8
Patch: https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a

Signed-off-by: Deepak Rathore <deeratho@cisco.com>

diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
new file mode 100644
index 0000000000..88e6ff1c48
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
@@ -0,0 +1,43 @@
+From e46f096ad5294428509077c887233554d62ead0e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 11 Dec 2025 13:22:44 +0100
+Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE: CVE-2026-3731
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a]
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
+(cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ src/sftp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index 37b4133b..cbcdb066 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -583,7 +583,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, unsigned int idx) {
+     return NULL;
+   }
+
+-  if (idx > sftp->ext->count) {
++  if (idx >= sftp->ext->count) {
+     ssh_set_error_invalid(sftp->session);
+     return NULL;
+   }
+@@ -599,7 +599,7 @@ const char *sftp_extensions_get_data(sftp_session sftp, unsigned int idx) {
+     return NULL;
+   }
+
+-  if (idx > sftp->ext->count) {
++  if (idx >= sftp->ext->count) {
+     ssh_set_error_invalid(sftp->session);
+     return NULL;
+   }
+--
+2.51.0
diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
index 5928581312..9f66736b29 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
@@ -9,6 +9,7 @@ DEPENDS = "zlib openssl"
 SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \
            file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
            file://run-ptest \
+           file://CVE-2026-3731.patch \
           "
 
 SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch"
-- 
2.35.6



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [oe] [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731
  2026-03-10 12:14 [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731 Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco)
@ 2026-03-10 12:18 ` Gyorgy Sarvari
  2026-03-10 15:13   ` Deepak Rathore
  0 siblings, 1 reply; 4+ messages in thread
From: Gyorgy Sarvari @ 2026-03-10 12:18 UTC (permalink / raw)
  To: deeratho, openembedded-devel

Why not upgrade it to 0.11.4 in master, instead of patching it?

On 3/10/26 13:14, Deepak Rathore via lists.openembedded.org wrote:
> From: Deepak Rathore <deeratho@cisco.com>
>
> Upstream Repository: https://git.libssh.org/projects/libssh.git
>
> Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3731
> Type: Security Fix
> CVE: CVE-2026-3731
> Score: 9.8
> Patch: https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a
>
> Signed-off-by: Deepak Rathore <deeratho@cisco.com>
>
> diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
> new file mode 100644
> index 0000000000..88e6ff1c48
> --- /dev/null
> +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
> @@ -0,0 +1,43 @@
> +From e46f096ad5294428509077c887233554d62ead0e Mon Sep 17 00:00:00 2001
> +From: Jakub Jelen <jjelen@redhat.com>
> +Date: Thu, 11 Dec 2025 13:22:44 +0100
> +Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +CVE: CVE-2026-3731
> +Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a]
> +
> +Signed-off-by: Jakub Jelen <jjelen@redhat.com>
> +Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
> +(cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60)
> +Signed-off-by: Deepak Rathore <deeratho@cisco.com>
> +---
> + src/sftp.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/sftp.c b/src/sftp.c
> +index 37b4133b..cbcdb066 100644
> +--- a/src/sftp.c
> ++++ b/src/sftp.c
> +@@ -583,7 +583,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, unsigned int idx) {
> +     return NULL;
> +   }
> +
> +-  if (idx > sftp->ext->count) {
> ++  if (idx >= sftp->ext->count) {
> +     ssh_set_error_invalid(sftp->session);
> +     return NULL;
> +   }
> +@@ -599,7 +599,7 @@ const char *sftp_extensions_get_data(sftp_session sftp, unsigned int idx) {
> +     return NULL;
> +   }
> +
> +-  if (idx > sftp->ext->count) {
> ++  if (idx >= sftp->ext->count) {
> +     ssh_set_error_invalid(sftp->session);
> +     return NULL;
> +   }
> +--
> +2.51.0
> diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> index 5928581312..9f66736b29 100644
> --- a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> +++ b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> @@ -9,6 +9,7 @@ DEPENDS = "zlib openssl"
>  SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \
>             file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
>             file://run-ptest \
> +           file://CVE-2026-3731.patch \
>            "
>  
>  SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch"
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#125024): https://lists.openembedded.org/g/openembedded-devel/message/125024
> Mute This Topic: https://lists.openembedded.org/mt/118239463/6084445
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731
  2026-03-10 12:18 ` [oe] " Gyorgy Sarvari
@ 2026-03-10 15:13   ` Deepak Rathore
  2026-03-10 15:17     ` [oe] " Gyorgy Sarvari
  0 siblings, 1 reply; 4+ messages in thread
From: Deepak Rathore @ 2026-03-10 15:13 UTC (permalink / raw)
  To: openembedded-devel

[-- Attachment #1: Type: text/plain, Size: 398 bytes --]

Hi Gyorgy Sarvari,

This CVE is fixed in libssh-0.12.0 tag and master branch which is major upgrade for master branch. Please refer below URL:
projects/libssh.git - libssh shared repository ( https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.12.0&id=855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60 )

Please suggest if we can upgrade to libssh-0.12.0 release or not.

Regards,
Deepak

[-- Attachment #2: Type: text/html, Size: 529 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [oe] [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731
  2026-03-10 15:13   ` Deepak Rathore
@ 2026-03-10 15:17     ` Gyorgy Sarvari
  0 siblings, 0 replies; 4+ messages in thread
From: Gyorgy Sarvari @ 2026-03-10 15:17 UTC (permalink / raw)
  To: deeratho, openembedded-devel

On 3/10/26 16:13, Deepak Rathore via lists.openembedded.org wrote:
> Hi Gyorgy Sarvari,
>  
> This CVE is fixed in libssh-0.12.0 tag and master branch which is
> major upgrade for master branch. Please refer below URL:
> projects/libssh.git - libssh shared repository
> <https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.12.0&id=855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60>
>  
> Please suggest if we can upgrade to libssh-0.12.0 release or not.

Certainly you can - the Stable/LTS policy for frozen major versions is
only valid for the named branches.
Master branch can take all version updates anytime, without any special
process.

>  
> Regards,
> Deepak
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#125033): https://lists.openembedded.org/g/openembedded-devel/message/125033
> Mute This Topic: https://lists.openembedded.org/mt/118239463/6084445
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-03-10 15:17 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-10 12:14 [meta-openembedded][master][PATCH] libssh 0.11.3: Fix CVE-2026-3731 Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-10 12:18 ` [oe] " Gyorgy Sarvari
2026-03-10 15:13   ` Deepak Rathore
2026-03-10 15:17     ` [oe] " Gyorgy Sarvari

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.