diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2022-07-12 12:54:49 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2022-07-12 12:54:49 +1000 |
| commit | d9eaea4bea6271bcee6a2b9428f1271faf2d033b (patch) | |
| tree | be870f1b4e259408d3de70bfb5960e925f861e9e /configure.ac | |
| parent | fb2f3a61bf3d28fff285524535f7ffcd177c9235 (diff) | |
| download | openssh-git-d9eaea4bea6271bcee6a2b9428f1271faf2d033b.tar.gz | |
Refuse to use OpenSSL 3.0.4 due to potential RCE.
OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274)
so refuse to use that specific version.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index a0ff6f0b..6ebdd06a 100644 --- a/configure.ac +++ b/configure.ac @@ -2796,6 +2796,7 @@ if test "x$openssl" = "xyes" ; then ;; 101*) ;; # 1.1.x 200*) ;; # LibreSSL + 3000004*) AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) ;; 300*) # OpenSSL 3; we use the 1.1x API CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" |