From https://www.openwall.com/lists/oss-security/2022/10/04/1 : Security ======== This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution. * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing. Reported by Qualys * ssh-keygen(1): double free() in error path of file hashing step in signing/verify code; GHPR333 * ssh-keysign(8): double-free in error path introduced in openssh-8.9
GLSA request filed. We should get CVEs for this.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4bba232aa0519e18c1541480c7f0b8dcb717ecb2 commit 4bba232aa0519e18c1541480c7f0b8dcb717ecb2 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-12-28 18:57:54 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-28 18:59:24 +0000 [ GLSA 202212-06 ] OpenSSH: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/733802 Bug: https://bugs.gentoo.org/815010 Bug: https://bugs.gentoo.org/874876 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202212-06.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f683984806bb85009e0e7ab23623600c8129e2 commit 08f683984806bb85009e0e7ab23623600c8129e2 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-12-28 20:43:45 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-28 20:43:58 +0000 net-misc/openssh: drop 9.0_p1-r6, 9.1_p1 Bug: https://bugs.gentoo.org/874876 Bug: https://bugs.gentoo.org/733802 Signed-off-by: John Helmert III <ajak@gentoo.org> net-misc/openssh/Manifest | 7 - net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 ----------------------------- net-misc/openssh/openssh-9.1_p1.ebuild | 514 ------------------------------ 3 files changed, 1020 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eadbba1d383201b13a6392480682a029d5cd6632 commit eadbba1d383201b13a6392480682a029d5cd6632 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-12-28 20:47:37 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-28 20:47:37 +0000 net-misc/openssh: drop 9.0_p1-r6 Bug: https://bugs.gentoo.org/733802 Bug: https://bugs.gentoo.org/874876 Signed-off-by: John Helmert III <ajak@gentoo.org> net-misc/openssh/Manifest | 4 - net-misc/openssh/openssh-9.0_p1-r6.ebuild | 499 ------------------------------ 2 files changed, 503 deletions(-)
Cleanup done, all done.