[AUTO-CHERRYPICK] Patch openssh for CVE-2025-32728 [MEDIUM] - branch main (#13515)

CBL-Mariner-Bot · realsdx · web-flow · commit a98374384fcc · 2025-04-21T15:43:33.000-04:00
Co-authored-by: Sudipta Pandit &lt;sudpandit@microsoft.com&gt;
diff --git a/SPECS/openssh/CVE-2025-32728.patch b/SPECS/openssh/CVE-2025-32728.patch
@@ -0,0 +1,37 @@
+From 1526b86ec36bd7e711ef9305d9644642b4140096 Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <sudpandit@microsoft.com>
+Date: Thu, 17 Apr 2025 15:21:33 +0530
+Subject: [PATCH] Backport fix for CVE-2025-32728
+
+Upstream ref: https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367
+
+---
+ session.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/session.c b/session.c
+index c941511..98cd183 100644
+--- a/session.c
++++ b/session.c
+@@ -2176,7 +2176,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+ 	if ((r = sshpkt_get_end(ssh)) != 0)
+ 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+ 	if (!auth_opts->permit_agent_forwarding_flag ||
+-	    !options.allow_agent_forwarding) {
++	    !options.allow_agent_forwarding ||
++	    options.disable_forwarding) {
+ 		debug_f("agent forwarding disabled");
+ 		return 0;
+ 	}
+@@ -2571,7 +2572,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+ 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+ 		return 0;
+ 	}
+-	if (!options.x11_forwarding) {
++	if (!options.x11_forwarding || options.disable_forwarding) {
+ 		debug("X11 forwarding disabled in server configuration file.");
+ 		return 0;
+ 	}
+-- 
+2.34.1
+
diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec
@@ -3,7 +3,7 @@
 Summary:        Free version of the SSH connectivity tools
 Name:           openssh
 Version:        %{openssh_ver}
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -49,6 +49,7 @@ Patch350:       CVE-2023-28531.patch
 # Patch for CVE-2024-6387 can be removed if openssh is upgraded to version 9.8p1 or greater
 Patch351:       CVE-2024-6387.patch
 Patch352:       CVE-2025-26465.patch
+Patch353:       CVE-2025-32728.patch
 BuildRequires:  audit-devel
 BuildRequires:  autoconf
 BuildRequires:  e2fsprogs-devel
@@ -136,6 +137,7 @@ popd
 %patch350 -p1 -b .cve-2023-28531
 %patch351 -p1 -b .cve-2024-6387
 %patch352 -p1 -b .cve-2025-26465
+%patch353 -p1 -b .cve-2025-32728
 
 %build
 export CFLAGS="$CFLAGS -fpic"
@@ -292,6 +294,9 @@ fi
 %{_mandir}/man8/ssh-sk-helper.8.gz
 
 %changelog
+* Fri Apr 18 2025 Sudipta Pandit <sudpandit@microsoft.com> - 8.9p1-8
+- Patch CVE-2025-32728
+
 * Fri Feb 14 2025 Jon Slobodzian <joslobo@microsoft.com> - 8.9p1-7
 - Patch for CVE-2025-26465 and CVE-2025-26466.
 
