Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openssh-keycat-8.7p1-38.el9 RPM for aarch64

From AlmaLinux 9.4 BaseOS for aarch64

Name: openssh-keycat Distribution: AlmaLinux
Version: 8.7p1 Vendor: AlmaLinux
Release: 38.el9 Build date: Tue Apr 2 09:50:07 2024
Group: Unspecified Build host: arm-builder01.almalinux.org
Size: 69495 Source RPM: openssh-8.7p1-38.el9.src.rpm
Packager: AlmaLinux Packaging Team <[email protected]>
Url: http://www.openssh.com/portable.html
Summary: A mls keycat backend for openssh
OpenSSH mls keycat is backend for using the authorized keys in the
openssh in the mls mode.

Provides

Requires

License

BSD

Changelog

* Fri Jan 05 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-38
  - Fix Terrapin attack
    Resolves: CVE-2023-48795
* Fri Jan 05 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-37
  - Fix Terrapin attack
    Resolves: CVE-2023-48795
* Wed Dec 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-36
  - Fix Terrapin attack
    Resolves: CVE-2023-48795
  - Relax OpenSSH build-time checks for OpenSSL version
    Related: RHEL-4734
  - Forbid shell metasymbols in username/hostname
    Resolves: CVE-2023-51385
* Mon Oct 23 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-35
  - Relax OpenSSH checks for OpenSSL version
    Resolves: RHEL-4734
  - Limit artificial delays in sshd while login using AD user
    Resolves: RHEL-2469
  - Move users/groups creation logic to sysusers.d fragments
    Resolves: RHEL-5222
* Thu Jul 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-34
  - Avoid remote code execution in ssh-agent PKCS#11 support
    Resolves: CVE-2023-38408
* Tue Jun 13 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-33
  - Allow specifying validity interval in UTC
    Resolves: rhbz#2115043
* Wed May 24 2023 Norbert Pocs <[email protected]> - 8.7p1-32
  - Fix pkcs11 issue with the recent changes
  - Delete unnecessary log messages from previous compl-dh patch
  - Add ssh_config man page explanation on rhbz#2068423
  - Resolves: rhbz#2207793, rhbz#2209096
* Tue May 16 2023 Norbert Pocs <[email protected]> - 8.7p1-31
  - Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
  - Check return values
  - Use EVP API to get the size of DH
  - Add some log debug lines
  - Related: rhbz#2091694
* Thu Apr 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-30
  - Some non-terminating processes were listening on ports.
    Resolves: rhbz#2177768
  - On sshd startup, we check whether signing using the SHA1 for signing is
    available and don't use it when it isn't.
  - On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
  - In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) )
    to SHA2 on host keys proof confirmation.
  - On a client side we permit SHA2-based proofs from server when requested SHA1
    proof (or didn't specify the hash algorithm that implies SHA1 on the client
    side). It is aligned with already present exception for RSA certificates.
  - We fallback to SHA2 if SHA1 signatures is not available on the client side
    (file sshconnect2.c).
  - We skip dss-related tests (they don't work without SHA1).
    Resolves: rhbz#2070163
  - FIPS compliance efforts for dh, ecdh and signing
    Resolves: rhbz#2091694
* Thu Apr 06 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-29
  - Resolve possible self-DoS with some clients
    Resolves: rhbz#2186473
* Thu Jan 12 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-28
  - Do not try to use SHA1 for host key ownership proof when we don't support it server-side
    Resolves: rhbz#2088750
* Thu Jan 12 2023 Zoltan Fridrich <[email protected]> - 8.7p1-27
  - Add sk-dummy subpackage for test purposes
    Resolves: rhbz#2092780
* Fri Jan 06 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-26
  - Fix one-byte overflow in SSH banner processing
    Resolves: rhbz#2138345
  - Fix double free() in error path
    Resolves: rhbz#2138347
* Fri Dec 16 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-25
  - Build fix after OpenSSL rebase
    Resolves: rhbz#2153626
* Fri Sep 23 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-24
  - Set minimal value of RSA key length via configuration option - support both names
    Resolves: rhbz#2128352
* Thu Sep 22 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-23
  - Set minimal value of RSA key length via configuration option
    Resolves: rhbz#2128352
* Tue Aug 16 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-22
  - Avoid spirous message on connecting to the machine with ssh-rsa keys
    Related: rhbz#2115246
  - Set minimal value of RSA key length via configuration option
    Related: rhbz#2066882
* Thu Aug 04 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-21
  - IBMCA workaround
    Related: rhbz#1976202
* Tue Jul 26 2022 Zoltan Fridrich <[email protected]> - 8.7p1-20 + 0.10.4-5
  - Fix openssh-8.7p1-scp-clears-file.patch
    Related: rhbz#2056884
* Fri Jul 15 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-19 + 0.10.4-5
  - FIX pam_ssh_agent_auth auth for RSA keys
    Related: rhbz#2070113
* Thu Jul 14 2022 Zoltan Fridrich <[email protected]> - 8.7p1-18
  - Fix new coverity issues
    Related: rhbz#2068423
* Thu Jul 14 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-17
  - Disable ed25519 and ed25519-sk keys in FIPS mode
    Related: rhbz#2087915
* Thu Jul 14 2022 Zoltan Fridrich <[email protected]> - 8.7p1-16
  - Don't propose disallowed algorithms during hostkey negotiation
    Resolves: rhbz#2068423
* Thu Jul 14 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-15
  - Disable ed25519 and ed25519-sk keys in FIPS mode
    Related: rhbz#2087915
* Wed Jul 13 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-14
  - Disable ed25519 and ed25519-sk keys in FIPS mode
    Related: rhbz#2087915
* Tue Jul 12 2022 Zoltan Fridrich <[email protected]> - 8.7p1-13
  - Add reference for policy customization in ssh/sshd_config manpages
    Resolves: rhbz#1984575
* Mon Jul 11 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-12
  - Disable sntrup761x25519-sha512 in FIPS mode
    Related: rhbz#2070628
  - Disable ed25519 and ed25519-sk keys in FIPS mode
    Related: rhbz#2087915
* Mon Jul 11 2022 Zoltan Fridrich <[email protected]> - 8.7p1-11
  - Fix scp clearing file when src and dest are the same
    Resolves: rhbz#2056884
  - Add missing options from ssh_config into ssh manpage
    Resolves: rhbz#2033372
  - Fix several memory leaks
    Related: rhbz#2068423
  - Fix gssapi authentication failures
    Resolves: rhbz#2091023
  - Fix host-based authentication with rsa keys
    Resolves: rhbz#2088916
* Wed Jun 29 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-10
  - Set minimal value of RSA key length via configuration option
    Related: rhbz#2066882
  - Use EVP functions for RSA key generation
    Related: rhbz#2087121
* Wed Jun 29 2022 Zoltan Fridrich <[email protected]> - 8.7p1-9
  - Update minimize-sha1-use.patch to use upstream code
    Related: rhbz#2031868
  - Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
    Resolves: rhbz#2064338
  - Change log level of FIPS specific log message to verbose
    Resolves: rhbz#2102201
* Mon Feb 21 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-8
  - Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
    Related: rhbz#2038854
* Mon Feb 07 2022 Dmitry Belyavskiy <[email protected]> - 8.7p1-7
  - Switch to SFTP protocol in scp utility by default - upstream fixes
    Related: rhbz#2001002
  - Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
    Related: rhbz#2038854

Files

/etc/pam.d/ssh-keycat
/usr/lib/.build-id
/usr/lib/.build-id/b5
/usr/lib/.build-id/b5/3eb9015e784610824211d80ce9d91dd95e81ea
/usr/libexec/openssh/ssh-keycat
/usr/share/doc/openssh-keycat
/usr/share/doc/openssh-keycat/HOWTO.ssh-keycat


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 07:19:56 2024