7795 – [Anolis OS 23] Bugfix for CVE-2023-48795

Bug 7795 - [Anolis OS 23] Bugfix for CVE-2023-48795

Summary: [Anolis OS 23] Bugfix for CVE-2023-48795

Status:	RESOLVED FIXED

Alias:	None

Product:	Anolis OS 23
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P4-Low S4-trivial
Target Milestone:	---
Assignee:	happy_orange
QA Contact:	bolong_tbl

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-12-25 14:47 UTC by 小龙
Modified:	2023-12-25 14:48 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-12-25 14:47:29 UTC

Description:
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, and libssh2 through 1.11.0; and there could be effects on Bitvise SSH through 9.31.

Broken commit info:

Bugfix commit info:
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://github.com/mwiede/jsch/pull/461
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951
https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951" target="_blank" rel="noopener noreferrer
https://github.com/libssh2/libssh2/pull/1291
https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/NixOS/nixpkgs/pull/275249
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" target="_blank" rel="noopener noreferrer
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" target="_blank" rel="noopener noreferrer
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3

Comment 1 小龙 admin

2023-12-25 14:48:16 UTC

PR: 
https://gitee.com/src-anolis-os/libssh/pulls/16