scottk/ols-nos
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/ols-nos.git synced 2025-10-29 17:22:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

[Security] Upgrade the OpenSSL/OpenSSH to fix CVE alerts (#16902)

Browse Source 
### Why I did it
[Security] Upgrade the OpenSSL/OpenSSH to fix CVE alerts

Upgrade OpenSSL to 1.1.1n-0+deb11u5
Fix CVEs:
      CVE-2023-0464 (Excessive Resource Usage Verifying X.509 Policy
      CVE-2023-0465 (Invalid certificate policies in leaf certificates are
      CVE-2023-0466 (Certificate policy check not enabled).
      CVE-2022-4304 (Timing Oracle in RSA Decryption).
      CVE-2023-2650 (Possible DoS translating ASN.1 object identifiers).

Upgrade OpenSSH to 8.4p1-5+deb11u2
Fix CVEs:
    CVE-2023-38408 (Lacks SSH agent restriction)

##### Work item tracking
- Microsoft ADO **(number only)**: 25506776

#### How I did it
Upgrade the OpenSSL/OpenSSH package version and fix the UT failure.

#### How to verify it
Verified by UTs with and without FIPS enabled.
This commit is contained in:
xumia
2023-10-19 06:52:26 +08:00
committed by GitHub
parent 6410e66f35
commit 5f224327a9
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
rules/sonic-fips.mk
View File

@@ -1,8 +1,8 @@
# fips packages
FIPS_VERSION = 0.8
FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u4+fips
FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u1+fips
FIPS_VERSION = 0.9
FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u5+fips
FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u2+fips
FIPS_PYTHON_MAIN_VERSION = 3.9
FIPS_PYTHON_VERSION = 3.9.2-1+fips
FIPS_GOLANG_MAIN_VERSION = 1.15