Bugzilla – Bug 1211190
VUL-0: CVE-2023-2283: libssh: authorization bypass in pki_verify_data_signature
Last modified: 2024-02-20 20:36:46 UTC
CVE-2023-2283 The authentication check of the connecting client can be bypassed in the function `pki_verify_data_signature` in circumstances of memory allocation problems. This may happen f.e. if not enough memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification, therefore any error between them calls `goto error` returning SSH_OK. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2283 https://bugzilla.redhat.com/show_bug.cgi?id=2189736
Advisory: https://www.libssh.org/security/advisories/CVE-2023-2283.txt Fix: https://git.libssh.org/projects/libssh.git/log/?qt=grep&q=CVE-2023-2283 Tracking as affected: - SUSE:SLE-15-SP4:Update/libssh 0.9.6 - openSUSE:Factory/libssh 0.10.4 Not affected: - SUSE:SLE-12-SP5:Update/libssh 0.8.7 - SUSE:SLE-12:Update/libssh 0.6.3 - SUSE:SLE-15-SP1:Update/libssh 0.8.7 - SUSE:SLE-15:Update/libssh 0.7.5
Hi James, can you please submit the requested patch?
SUSE-SU-2024:0140-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1211188, 1211190, 1218126, 1218186, 1218209 CVE References: CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 Sources used: openSUSE Leap 15.4 (src): libssh-0.9.8-150400.3.3.1, libssh-test-0.9.8-150400.3.3.1 openSUSE Leap Micro 5.3 (src): libssh-0.9.8-150400.3.3.1 openSUSE Leap Micro 5.4 (src): libssh-0.9.8-150400.3.3.1 openSUSE Leap 15.5 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Micro 5.3 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Micro 5.4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Micro 5.5 (src): libssh-0.9.8-150400.3.3.1 Basesystem Module 15-SP5 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Real Time 15 SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): libssh-0.9.8-150400.3.3.1 SUSE Manager Proxy 4.3 (src): libssh-0.9.8-150400.3.3.1 SUSE Manager Retail Branch Server 4.3 (src): libssh-0.9.8-150400.3.3.1 SUSE Manager Server 4.3 (src): libssh-0.9.8-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0525-1: An update that solves nine vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1158095, 1168699, 1174713, 1189608, 1211188, 1211190, 1218126, 1218186, 1218209 CVE References: CVE-2019-14889, CVE-2020-16135, CVE-2020-1730, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 Jira References: PED-7719 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): libssh-0.9.8-150200.13.3.1 SUSE Enterprise Storage 7.1 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Micro 5.1 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Micro 5.2 (src): libssh-0.9.8-150200.13.3.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): libssh-0.9.8-150200.13.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0539-1: An update that solves nine vulnerabilities and contains one feature can now be installed. Category: security (important) Bug References: 1158095, 1168699, 1174713, 1189608, 1211188, 1211190, 1218126, 1218186, 1218209 CVE References: CVE-2019-14889, CVE-2020-16135, CVE-2020-1730, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 Jira References: PED-7719 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libssh-0.9.8-3.12.2 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libssh-0.9.8-3.12.2 SUSE Linux Enterprise Server 12 SP5 (src): libssh-0.9.8-3.12.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libssh-0.9.8-3.12.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.