[openssh-commits] [openssh] 02/02: Refuse to use OpenSSL 3.0.4 due to potential RCE.
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Jul 12 12:56:34 AEST 2022
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit d9eaea4bea6271bcee6a2b9428f1271faf2d033b
Author: Darren Tucker <dtucker at dtucker.net>
Date: Tue Jul 12 12:54:49 2022 +1000
Refuse to use OpenSSL 3.0.4 due to potential RCE.
OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274)
so refuse to use that specific version.
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
diff --git a/configure.ac b/configure.ac
index a0ff6f0b..6ebdd06a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then
;;
101*) ;; # 1.1.x
200*) ;; # LibreSSL
+ 3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;;
300*)
# OpenSSL 3; we use the 1.1x API
CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list