| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openssh-server | Distribution: AlmaLinux |
| Version: 8.7p1 | Vendor: AlmaLinux |
| Release: 38.el9_4.1 | Build date: Wed Jul 3 19:22:28 2024 |
| Group: Unspecified | Build host: s390x-builder02.almalinux.org |
| Size: 1110769 | Source RPM: openssh-8.7p1-38.el9_4.1.src.rpm |
| Packager: AlmaLinux Packaging Team <packager@almalinux.org> | |
| Url: http://www.openssh.com/portable.html | |
| Summary: An open source SSH server daemon | |
OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server.
BSD
* Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
- Possible remote code execution due to a race condition (CVE-2024-6387)
Resolves: RHEL-45347
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-37
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Wed Dec 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-36
- Fix Terrapin attack
Resolves: CVE-2023-48795
- Relax OpenSSH build-time checks for OpenSSL version
Related: RHEL-4734
- Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
* Mon Oct 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-35
- Relax OpenSSH checks for OpenSSL version
Resolves: RHEL-4734
- Limit artificial delays in sshd while login using AD user
Resolves: RHEL-2469
- Move users/groups creation logic to sysusers.d fragments
Resolves: RHEL-5222
* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-34
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
* Tue Jun 13 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-33
- Allow specifying validity interval in UTC
Resolves: rhbz#2115043
* Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32
- Fix pkcs11 issue with the recent changes
- Delete unnecessary log messages from previous compl-dh patch
- Add ssh_config man page explanation on rhbz#2068423
- Resolves: rhbz#2207793, rhbz#2209096
* Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31
- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
- Check return values
- Use EVP API to get the size of DH
- Add some log debug lines
- Related: rhbz#2091694
* Thu Apr 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-30
- Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
- On sshd startup, we check whether signing using the SHA1 for signing is
available and don't use it when it isn't.
- On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
- In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) )
to SHA2 on host keys proof confirmation.
- On a client side we permit SHA2-based proofs from server when requested SHA1
proof (or didn't specify the hash algorithm that implies SHA1 on the client
side). It is aligned with already present exception for RSA certificates.
- We fallback to SHA2 if SHA1 signatures is not available on the client side
(file sshconnect2.c).
- We skip dss-related tests (they don't work without SHA1).
Resolves: rhbz#2070163
- FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694
* Thu Apr 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-29
- Resolve possible self-DoS with some clients
Resolves: rhbz#2186473
* Thu Jan 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-28
- Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
* Thu Jan 12 2023 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-27
- Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780
* Fri Jan 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-26
- Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
- Fix double free() in error path
Resolves: rhbz#2138347
* Fri Dec 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-25
- Build fix after OpenSSL rebase
Resolves: rhbz#2153626
* Fri Sep 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-24
- Set minimal value of RSA key length via configuration option - support both names
Resolves: rhbz#2128352
* Thu Sep 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-23
- Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
* Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22
- Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
- Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
* Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21
- IBMCA workaround
Related: rhbz#1976202
* Tue Jul 26 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-20 + 0.10.4-5
- Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884
* Fri Jul 15 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-19 + 0.10.4-5
- FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
- Fix new coverity issues
Related: rhbz#2068423
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-17
- Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-16
- Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-15
- Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
- Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
* Tue Jul 12 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-13
- Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575
* Mon Jul 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-12
- Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
- Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
* Mon Jul 11 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-11
- Fix scp clearing file when src and dest are the same
Resolves: rhbz#2056884
- Add missing options from ssh_config into ssh manpage
Resolves: rhbz#2033372
- Fix several memory leaks
Related: rhbz#2068423
- Fix gssapi authentication failures
Resolves: rhbz#2091023
- Fix host-based authentication with rsa keys
Resolves: rhbz#2088916
* Wed Jun 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-10
- Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
- Use EVP functions for RSA key generation
Related: rhbz#2087121
* Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-9
- Update minimize-sha1-use.patch to use upstream code
Related: rhbz#2031868
- Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Resolves: rhbz#2064338
- Change log level of FIPS specific log message to verbose
Resolves: rhbz#2102201
/etc/pam.d/sshd /etc/ssh/sshd_config /etc/ssh/sshd_config.d /etc/ssh/sshd_config.d/50-redhat.conf /etc/sysconfig/sshd /usr/lib/.build-id /usr/lib/.build-id/35 /usr/lib/.build-id/35/5d78e05f7fd74078d869a2d457a9c25835a114 /usr/lib/.build-id/36 /usr/lib/.build-id/36/9d73fc1b486fb15cdddf8b378de03c700b4e8c /usr/lib/systemd/system/sshd-keygen.target /usr/lib/systemd/system/sshd-keygen@.service /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.socket /usr/lib/systemd/system/sshd@.service /usr/lib/sysusers.d/openssh-server.conf /usr/libexec/openssh/sftp-server /usr/libexec/openssh/sshd-keygen /usr/sbin/sshd /usr/share/empty.sshd /usr/share/man/man5/moduli.5.gz /usr/share/man/man5/sshd_config.5.gz /usr/share/man/man8/sftp-server.8.gz /usr/share/man/man8/sshd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Nov 7 08:00:08 2024