Hi Team, Just checking in—do we have any updates on this?
I wasn’t able to find it in meta-openembedded-contrib. Thanks & Regards, Vijay On Wed, Mar 25, 2026 at 6:11 PM <[email protected]> wrote: > From: Vijay Anusuri <[email protected]> > > Pick commits according to [1] > > [1] https://security-tracker.debian.org/tracker/CVE-2026-0966 > [2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt > > Skip the test commit as it's not applicable in libssh-0.8.9 > > Signed-off-by: Vijay Anusuri <[email protected]> > --- > .../libssh/libssh/CVE-2026-0966-1.patch | 38 ++++++++++++ > .../libssh/libssh/CVE-2026-0966-2.patch | 62 +++++++++++++++++++ > .../recipes-support/libssh/libssh_0.8.9.bb | 2 + > 3 files changed, 102 insertions(+) > create mode 100644 > meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-1.patch > create mode 100644 > meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-2.patch > > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-1.patch > b/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-1.patch > new file mode 100644 > index 0000000000..a645282afd > --- /dev/null > +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-1.patch > @@ -0,0 +1,38 @@ > +From 6ba5ff1b7b1547a59f750fbc06b89737b7456117 Mon Sep 17 00:00:00 2001 > +From: Jakub Jelen <[email protected]> > +Date: Thu, 8 Jan 2026 12:09:50 +0100 > +Subject: [PATCH] CVE-2026-0966 misc: Avoid heap buffer underflow in > ssh_get_hexa > + > +Signed-off-by: Jakub Jelen <[email protected]> > +Reviewed-by: Pavol Žáčik <[email protected]> > +(cherry picked from commit 417a095e6749a1f3635e02332061edad3c6a3401) > + > +ssh_get_hexa function not present in misc.c. It was in dh.c file in > +older libssh versions. > + > +ssh_get_hexa function moved from dh.c from misc.c by the below commit > + > https://git.libssh.org/projects/libssh.git/commit/?id=43a4f86b6e14a907b3a298d10d5cd7efb59f6a09 > + > +Upstream-Status: Backport [ > https://git.libssh.org/projects/libssh.git/commit/?id=6ba5ff1b7b1547a59f750fbc06b89737b7456117 > ] > +CVE: CVE-2026-0966 > +Signed-off-by: Vijay Anusuri <[email protected]> > +--- > + src/dh.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/src/dh.c b/src/dh.c > +index 7116d1dc..321aeba6 100644 > +--- a/src/dh.c > ++++ b/src/dh.c > +@@ -1486,7 +1486,7 @@ char *ssh_get_hexa(const unsigned char *what, > size_t len) { > + size_t i; > + size_t hlen = len * 3; > + > +- if (len > (UINT_MAX - 1) / 3) { > ++ if (what == NULL || len < 1 || len > (UINT_MAX - 1) / 3) { > + return NULL; > + } > + > +-- > +2.25.1 > + > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-2.patch > b/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-2.patch > new file mode 100644 > index 0000000000..9a035dbc1e > --- /dev/null > +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-0966-2.patch > @@ -0,0 +1,62 @@ > +From 3e1d276a5a030938a8f144f46ff4f2a2efe31ced Mon Sep 17 00:00:00 2001 > +From: Jakub Jelen <[email protected]> > +Date: Thu, 8 Jan 2026 12:10:44 +0100 > +Subject: [PATCH] CVE-2026-0966 doc: Update guided tour to use SHA256 > fingerprints > + > +Signed-off-by: Jakub Jelen <[email protected]> > +Reviewed-by: Pavol Žáčik <[email protected]> > +(cherry picked from commit 1b2a4f760bec35121c490f2294f915ebb9c992ae) > + > +Upstream-Status: Backport [ > https://git.libssh.org/projects/libssh.git/commit/?id=3e1d276a5a030938a8f144f46ff4f2a2efe31ced > ] > +CVE: CVE-2026-0966 > +Signed-off-by: Vijay Anusuri <[email protected]> > +--- > + doc/guided_tour.dox | 10 ++++------ > + 1 file changed, 4 insertions(+), 6 deletions(-) > + > +diff --git a/doc/guided_tour.dox b/doc/guided_tour.dox > +index 008ccb4e..bdd7489c 100644 > +--- a/doc/guided_tour.dox > ++++ b/doc/guided_tour.dox > +@@ -190,7 +190,6 @@ int verify_knownhost(ssh_session session) > + ssh_key srv_pubkey = NULL; > + size_t hlen; > + char buf[10]; > +- char *hexa = NULL; > + char *p = NULL; > + int cmp; > + int rc; > +@@ -201,7 +200,7 @@ int verify_knownhost(ssh_session session) > + } > + > + rc = ssh_get_publickey_hash(srv_pubkey, > +- SSH_PUBLICKEY_HASH_SHA1, > ++ SSH_PUBLICKEY_HASH_SHA256, > + &hash, > + &hlen); > + ssh_key_free(srv_pubkey); > +@@ -217,7 +216,7 @@ int verify_knownhost(ssh_session session) > + break; > + case SSH_KNOWN_HOSTS_CHANGED: > + fprintf(stderr, "Host key for server changed: it is now:\n"); > +- ssh_print_hexa("Public key hash", hash, hlen); > ++ ssh_print_hexa(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); > + fprintf(stderr, "For security reasons, connection will be > stopped\n"); > + ssh_clean_pubkey_hash(&hash); > + > +@@ -238,10 +237,9 @@ int verify_knownhost(ssh_session session) > + /* FALL THROUGH to SSH_SERVER_NOT_KNOWN behavior */ > + > + case SSH_KNOWN_HOSTS_UNKNOWN: > +- hexa = ssh_get_hexa(hash, hlen); > + fprintf(stderr,"The server is unknown. Do you trust the host > key?\n"); > +- fprintf(stderr, "Public key hash: %s\n", hexa); > +- ssh_string_free_char(hexa); > ++ fprintf(stderr, "Public key hash: "); > ++ ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen); > + ssh_clean_pubkey_hash(&hash); > + p = fgets(buf, sizeof(buf), stdin); > + if (p == NULL) { > +-- > +2.25.1 > + > diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb > b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb > index a1fc64446c..8cc0883b2b 100644 > --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb > +++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb > @@ -29,6 +29,8 @@ SRC_URI = "git:// > git.libssh.org/projects/libssh.git;protocol=https;branch=stable > file://CVE-2025-8277-3.patch \ > file://CVE-2025-8114.patch \ > file://CVE-2026-3731.patch \ > + file://CVE-2026-0966-1.patch \ > + file://CVE-2026-0966-2.patch \ > " > SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" > > -- > 2.25.1 > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#125655): https://lists.openembedded.org/g/openembedded-devel/message/125655 Mute This Topic: https://lists.openembedded.org/mt/118500098/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
