| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openssh-clients | Distribution: CentOS |
| Version: 8.7p1 | Vendor: CentOS |
| Release: 45.el9 | Build date: Tue Feb 18 11:59:58 2025 |
| Group: Unspecified | Build host: x86-04.stream.rdu2.redhat.com |
| Size: 2145525 | Source RPM: openssh-8.7p1-45.el9.src.rpm |
| Packager: [email protected] | |
| Url: http://www.openssh.com/portable.html | |
| Summary: An open source SSH client applications | |
OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers.
BSD
* Tue Feb 18 2025 Dmitry Belyavskiy <[email protected]> - 8.7p1-45
- Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465).
Resolves: RHEL-78700
* Mon Oct 21 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-44
- Add extra help information on ssh early failure
Resolves: RHEL-33809
- Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-52293
- Allow duplicate Subsystem directive
Resolves: RHEL-47112
* Tue Jul 09 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-43
- Possible remote code execution due to a race condition (CVE-2024-6409)
Resolves: RHEL-45741
* Thu Jul 04 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-42
- Possible remote code execution due to a race condition (CVE-2024-6387)
Resolves: RHEL-45348
* Mon Jun 03 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-41
- Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748
* Thu May 02 2024 Zoltan Fridrich <[email protected]> - 8.7p1-40
- Correctly audit hostname and IP address
Resolves: RHEL-22316
- Make default key sizes configurable in sshd-keygen
Resolves: RHEL-26454
* Wed Apr 24 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-39
- Use FIPS-compatible API for key derivation
Resolves: RHEL-32809
* Fri Jan 05 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-38
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Fri Jan 05 2024 Dmitry Belyavskiy <[email protected]> - 8.7p1-37
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Wed Dec 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-36
- Fix Terrapin attack
Resolves: CVE-2023-48795
- Relax OpenSSH build-time checks for OpenSSL version
Related: RHEL-4734
- Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
* Mon Oct 23 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-35
- Relax OpenSSH checks for OpenSSL version
Resolves: RHEL-4734
- Limit artificial delays in sshd while login using AD user
Resolves: RHEL-2469
- Move users/groups creation logic to sysusers.d fragments
Resolves: RHEL-5222
* Thu Jul 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-34
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
* Tue Jun 13 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-33
- Allow specifying validity interval in UTC
Resolves: rhbz#2115043
* Wed May 24 2023 Norbert Pocs <[email protected]> - 8.7p1-32
- Fix pkcs11 issue with the recent changes
- Delete unnecessary log messages from previous compl-dh patch
- Add ssh_config man page explanation on rhbz#2068423
- Resolves: rhbz#2207793, rhbz#2209096
* Tue May 16 2023 Norbert Pocs <[email protected]> - 8.7p1-31
- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
- Check return values
- Use EVP API to get the size of DH
- Add some log debug lines
- Related: rhbz#2091694
* Thu Apr 20 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-30
- Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
- On sshd startup, we check whether signing using the SHA1 for signing is
available and don't use it when it isn't.
- On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
- In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) )
to SHA2 on host keys proof confirmation.
- On a client side we permit SHA2-based proofs from server when requested SHA1
proof (or didn't specify the hash algorithm that implies SHA1 on the client
side). It is aligned with already present exception for RSA certificates.
- We fallback to SHA2 if SHA1 signatures is not available on the client side
(file sshconnect2.c).
- We skip dss-related tests (they don't work without SHA1).
Resolves: rhbz#2070163
- FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694
* Thu Apr 06 2023 Dmitry Belyavskiy <[email protected]> - 8.7p1-29
- Resolve possible self-DoS with some clients
Resolves: rhbz#2186473
/etc/ssh/ssh_config /etc/ssh/ssh_config.d /etc/ssh/ssh_config.d/50-redhat.conf /usr/bin/scp /usr/bin/sftp /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent /usr/bin/ssh-copy-id /usr/bin/ssh-keyscan /usr/lib/.build-id /usr/lib/.build-id/23 /usr/lib/.build-id/23/2622050c3c3613fb9da07c531bfed06f5e8477 /usr/lib/.build-id/2c/1e2c006bb7427cdd8ef1caf5466c8e9dc146d9 /usr/lib/.build-id/5b /usr/lib/.build-id/5b/0fb1bca98e5d04fdce6d14e971dd35a68b18a9 /usr/lib/.build-id/7b /usr/lib/.build-id/7b/57738004b95fc623b05e231419a22d4e65f0d4 /usr/lib/.build-id/97 /usr/lib/.build-id/97/8692da757cc028723bc7a9e255c7dc6b099cf5 /usr/lib/.build-id/9c /usr/lib/.build-id/9c/7d8f8b5a13235377626f0e66a56189b5d754c4 /usr/lib/.build-id/c5 /usr/lib/.build-id/c5/9df572d1ca97f93182334e2dbf4bd6efcd094d /usr/lib/.build-id/f7 /usr/lib/.build-id/f7/eb079128c0270c410a879f1c63eda4da94eb9c /usr/lib/systemd/user/ssh-agent.service /usr/libexec/openssh/ssh-pkcs11-helper /usr/libexec/openssh/ssh-sk-helper /usr/share/man/man1/scp.1.gz /usr/share/man/man1/sftp.1.gz /usr/share/man/man1/ssh-add.1.gz /usr/share/man/man1/ssh-agent.1.gz /usr/share/man/man1/ssh-copy-id.1.gz /usr/share/man/man1/ssh-keyscan.1.gz /usr/share/man/man1/ssh.1.gz /usr/share/man/man5/ssh_config.5.gz /usr/share/man/man8/ssh-pkcs11-helper.8.gz /usr/share/man/man8/ssh-sk-helper.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Feb 26 06:46:00 2025