forked from rpms/openssh
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
237f16cee9 | ||
| 8d2400298f | |||
| 9a48c48aa4 |
57
SOURCES/openssh-8.0p1-CVE-2025-26465.patch
Normal file
57
SOURCES/openssh-8.0p1-CVE-2025-26465.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
diff --git a/openssh-8.0p1/krl.c b/openssh-8.0p1/krl.c
|
||||||
|
index 8e2d5d5..e5b046d 100644
|
||||||
|
--- a/openssh-8.0p1/krl.c
|
||||||
|
+++ b/openssh-8.0p1/krl.c
|
||||||
|
@@ -676,6 +676,7 @@ revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)
|
||||||
|
break;
|
||||||
|
case KRL_SECTION_CERT_SERIAL_BITMAP:
|
||||||
|
if (rs->lo - bitmap_start > INT_MAX) {
|
||||||
|
+ r = SSH_ERR_INVALID_FORMAT;
|
||||||
|
error("%s: insane bitmap gap", __func__);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
@@ -1011,6 +1012,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
if ((krl = ssh_krl_init()) == NULL) {
|
||||||
|
+ r = SSH_ERR_ALLOC_FAIL;
|
||||||
|
error("%s: alloc failed", __func__);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
diff --git a/openssh-8.0p1/sshconnect2.c b/openssh-8.0p1/sshconnect2.c
|
||||||
|
index ce855eb..9650b24 100644
|
||||||
|
--- a/openssh-8.0p1/sshconnect2.c
|
||||||
|
+++ b/openssh-8.0p1/sshconnect2.c
|
||||||
|
@@ -95,7 +95,7 @@ struct sockaddr *xxx_hostaddr;
|
||||||
|
static int
|
||||||
|
verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
|
||||||
|
{
|
||||||
|
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
|
||||||
|
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) != 0)
|
||||||
|
fatal("Host key verification failed.");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -767,6 +767,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
|
|
||||||
|
if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
|
||||||
|
debug("%s: server sent unknown pkalg %s", __func__, pkalg);
|
||||||
|
+ r = SSH_ERR_INVALID_FORMAT;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||||
|
@@ -777,6 +778,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
|
error("input_userauth_pk_ok: type mismatch "
|
||||||
|
"for decoded key (received %d, expected %d)",
|
||||||
|
key->type, pktype);
|
||||||
|
+ r = SSH_ERR_INVALID_FORMAT;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -796,6 +798,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
|
||||||
|
SSH_FP_DEFAULT);
|
||||||
|
error("%s: server replied with unknown key: %s %s", __func__,
|
||||||
|
sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
|
||||||
|
+ r = SSH_ERR_INVALID_FORMAT;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
ident = format_identity(id);
|
||||||
@ -1504,11 +1504,9 @@ index 2abbb9ef..569dc83f 100644
|
|||||||
kex_gen_hash(
|
kex_gen_hash(
|
||||||
int hash_alg,
|
int hash_alg,
|
||||||
const struct sshbuf *client_version,
|
const struct sshbuf *client_version,
|
||||||
diff --git a/kexgssc.c b/kexgssc.c
|
diff --color -ruNp a/kexgssc.c b/kexgssc.c
|
||||||
new file mode 100644
|
--- a/kexgssc.c 1970-01-01 01:00:00.000000000 +0100
|
||||||
index 00000000..0b2f6a56
|
+++ b/kexgssc.c 2026-03-16 15:43:01.131354176 +0100
|
||||||
--- /dev/null
|
|
||||||
+++ b/kexgssc.c
|
|
||||||
@@ -0,0 +1,618 @@
|
@@ -0,0 +1,618 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
@ -1564,8 +1562,8 @@ index 00000000..0b2f6a56
|
|||||||
+{
|
+{
|
||||||
+ struct kex *kex = ssh->kex;
|
+ struct kex *kex = ssh->kex;
|
||||||
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER,
|
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER,
|
||||||
+ recv_tok = GSS_C_EMPTY_BUFFER,
|
+ recv_tok = GSS_C_EMPTY_BUFFER, gssbuf = GSS_C_EMPTY_BUFFER,
|
||||||
+ gssbuf, msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr;
|
+ msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr;
|
||||||
+ Gssctxt *ctxt;
|
+ Gssctxt *ctxt;
|
||||||
+ OM_uint32 maj_status, min_status, ret_flags;
|
+ OM_uint32 maj_status, min_status, ret_flags;
|
||||||
+ struct sshbuf *server_blob = NULL;
|
+ struct sshbuf *server_blob = NULL;
|
||||||
@ -1717,11 +1715,11 @@ index 00000000..0b2f6a56
|
|||||||
+ fatal("Failed to read token: %s", ssh_err(r));
|
+ fatal("Failed to read token: %s", ssh_err(r));
|
||||||
+ /* If we're already complete - protocol error */
|
+ /* If we're already complete - protocol error */
|
||||||
+ if (maj_status == GSS_S_COMPLETE)
|
+ if (maj_status == GSS_S_COMPLETE)
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: received token when complete");
|
+ ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
|
||||||
+ } else {
|
+ } else {
|
||||||
+ /* No token included */
|
+ /* No token included */
|
||||||
+ if (maj_status != GSS_S_COMPLETE)
|
+ if (maj_status != GSS_S_COMPLETE)
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
|
+ ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
|
||||||
+ }
|
+ }
|
||||||
+ if ((r = sshpkt_get_end(ssh)) != 0) {
|
+ if ((r = sshpkt_get_end(ssh)) != 0) {
|
||||||
+ fatal("Expecting end of packet.");
|
+ fatal("Expecting end of packet.");
|
||||||
@ -1737,7 +1735,7 @@ index 00000000..0b2f6a56
|
|||||||
+ fatal("sshpkt_get failed: %s", ssh_err(r));
|
+ fatal("sshpkt_get failed: %s", ssh_err(r));
|
||||||
+ fatal("GSSAPI Error: \n%.400s", msg);
|
+ fatal("GSSAPI Error: \n%.400s", msg);
|
||||||
+ default:
|
+ default:
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: didn't expect packet type %d",
|
+ ssh_packet_disconnect(ssh, "Protocol error: didn't expect packet type %d",
|
||||||
+ type);
|
+ type);
|
||||||
+ }
|
+ }
|
||||||
+ token_ptr = &recv_tok;
|
+ token_ptr = &recv_tok;
|
||||||
@ -1810,7 +1808,7 @@ index 00000000..0b2f6a56
|
|||||||
+
|
+
|
||||||
+ /* Verify that the hash matches the MIC we just got. */
|
+ /* Verify that the hash matches the MIC we just got. */
|
||||||
+ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
|
+ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
|
||||||
+ sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
|
+ ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
|
||||||
+
|
+
|
||||||
+ gss_release_buffer(&min_status, &msg_tok);
|
+ gss_release_buffer(&min_status, &msg_tok);
|
||||||
+
|
+
|
||||||
@ -1842,8 +1840,8 @@ index 00000000..0b2f6a56
|
|||||||
+{
|
+{
|
||||||
+ struct kex *kex = ssh->kex;
|
+ struct kex *kex = ssh->kex;
|
||||||
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER,
|
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER,
|
||||||
+ recv_tok = GSS_C_EMPTY_BUFFER, gssbuf,
|
+ recv_tok = GSS_C_EMPTY_BUFFER, gssbuf = GSS_C_EMPTY_BUFFER,
|
||||||
+ msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr;
|
+ msg_tok = GSS_C_EMPTY_BUFFER, *token_ptr;
|
||||||
+ Gssctxt *ctxt;
|
+ Gssctxt *ctxt;
|
||||||
+ OM_uint32 maj_status, min_status, ret_flags;
|
+ OM_uint32 maj_status, min_status, ret_flags;
|
||||||
+ struct sshbuf *shared_secret = NULL;
|
+ struct sshbuf *shared_secret = NULL;
|
||||||
@ -2014,11 +2012,11 @@ index 00000000..0b2f6a56
|
|||||||
+ fatal("sshpkt failed: %s", ssh_err(r));
|
+ fatal("sshpkt failed: %s", ssh_err(r));
|
||||||
+ /* If we're already complete - protocol error */
|
+ /* If we're already complete - protocol error */
|
||||||
+ if (maj_status == GSS_S_COMPLETE)
|
+ if (maj_status == GSS_S_COMPLETE)
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: received token when complete");
|
+ ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
|
||||||
+ } else {
|
+ } else {
|
||||||
+ /* No token included */
|
+ /* No token included */
|
||||||
+ if (maj_status != GSS_S_COMPLETE)
|
+ if (maj_status != GSS_S_COMPLETE)
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
|
+ ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
|
||||||
+ }
|
+ }
|
||||||
+ break;
|
+ break;
|
||||||
+ case SSH2_MSG_KEXGSS_ERROR:
|
+ case SSH2_MSG_KEXGSS_ERROR:
|
||||||
@ -2031,7 +2029,7 @@ index 00000000..0b2f6a56
|
|||||||
+ fatal("sshpkt failed: %s", ssh_err(r));
|
+ fatal("sshpkt failed: %s", ssh_err(r));
|
||||||
+ fatal("GSSAPI Error: \n%.400s", msg);
|
+ fatal("GSSAPI Error: \n%.400s", msg);
|
||||||
+ default:
|
+ default:
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: didn't expect packet type %d",
|
+ ssh_packet_disconnect(ssh, "Protocol error: didn't expect packet type %d",
|
||||||
+ type);
|
+ type);
|
||||||
+ }
|
+ }
|
||||||
+ token_ptr = &recv_tok;
|
+ token_ptr = &recv_tok;
|
||||||
@ -2093,7 +2091,7 @@ index 00000000..0b2f6a56
|
|||||||
+
|
+
|
||||||
+ /* Verify that the hash matches the MIC we just got. */
|
+ /* Verify that the hash matches the MIC we just got. */
|
||||||
+ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
|
+ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
|
||||||
+ sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
|
+ ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
|
||||||
+
|
+
|
||||||
+ gss_release_buffer(&min_status, &msg_tok);
|
+ gss_release_buffer(&min_status, &msg_tok);
|
||||||
+
|
+
|
||||||
@ -2128,11 +2126,9 @@ index 00000000..0b2f6a56
|
|||||||
+ return r;
|
+ return r;
|
||||||
+}
|
+}
|
||||||
+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
|
+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
|
||||||
diff --git a/kexgsss.c b/kexgsss.c
|
diff --color -ruNp a/kexgsss.c b/kexgsss.c
|
||||||
new file mode 100644
|
--- a/kexgsss.c 1970-01-01 01:00:00.000000000 +0100
|
||||||
index 00000000..60bc02de
|
+++ b/kexgsss.c 2026-03-16 15:45:31.256395698 +0100
|
||||||
--- /dev/null
|
|
||||||
+++ b/kexgsss.c
|
|
||||||
@@ -0,0 +1,482 @@
|
@@ -0,0 +1,482 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||||
@ -2200,7 +2196,8 @@ index 00000000..60bc02de
|
|||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
+ OM_uint32 ret_flags = 0;
|
+ OM_uint32 ret_flags = 0;
|
||||||
+ gss_buffer_desc gssbuf = {0, NULL}, recv_tok, msg_tok;
|
+ gss_buffer_desc gssbuf = GSS_C_EMPTY_BUFFER,
|
||||||
|
+ recv_tok = GSS_C_EMPTY_BUFFER, msg_tok = GSS_C_EMPTY_BUFFER;
|
||||||
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
|
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
|
||||||
+ Gssctxt *ctxt = NULL;
|
+ Gssctxt *ctxt = NULL;
|
||||||
+ struct sshbuf *shared_secret = NULL;
|
+ struct sshbuf *shared_secret = NULL;
|
||||||
@ -2304,7 +2301,7 @@ index 00000000..60bc02de
|
|||||||
+ fatal("sshpkt failed: %s", ssh_err(r));
|
+ fatal("sshpkt failed: %s", ssh_err(r));
|
||||||
+ break;
|
+ break;
|
||||||
+ default:
|
+ default:
|
||||||
+ sshpkt_disconnect(ssh,
|
+ ssh_packet_disconnect(ssh,
|
||||||
+ "Protocol error: didn't expect packet type %d",
|
+ "Protocol error: didn't expect packet type %d",
|
||||||
+ type);
|
+ type);
|
||||||
+ }
|
+ }
|
||||||
@ -2403,7 +2400,8 @@ index 00000000..60bc02de
|
|||||||
+ */
|
+ */
|
||||||
+
|
+
|
||||||
+ OM_uint32 ret_flags = 0;
|
+ OM_uint32 ret_flags = 0;
|
||||||
+ gss_buffer_desc gssbuf, recv_tok, msg_tok;
|
+ gss_buffer_desc gssbuf = GSS_C_EMPTY_BUFFER,
|
||||||
|
+ recv_tok = GSS_C_EMPTY_BUFFER, msg_tok = GSS_C_EMPTY_BUFFER;
|
||||||
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
|
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
|
||||||
+ Gssctxt *ctxt = NULL;
|
+ Gssctxt *ctxt = NULL;
|
||||||
+ struct sshbuf *shared_secret = NULL;
|
+ struct sshbuf *shared_secret = NULL;
|
||||||
@ -2459,10 +2457,8 @@ index 00000000..60bc02de
|
|||||||
+ fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
|
+ fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
|
||||||
+ min, nbits, max);
|
+ min, nbits, max);
|
||||||
+ kex->dh = PRIVSEP(choose_dh(min, nbits, max));
|
+ kex->dh = PRIVSEP(choose_dh(min, nbits, max));
|
||||||
+ if (kex->dh == NULL) {
|
+ if (kex->dh == NULL)
|
||||||
+ sshpkt_disconnect(ssh, "Protocol error: no matching group found");
|
+ ssh_packet_disconnect(ssh, "Protocol error: no matching group found");
|
||||||
+ fatal("Protocol error: no matching group found");
|
|
||||||
+ }
|
|
||||||
+
|
+
|
||||||
+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
|
+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
|
||||||
+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 ||
|
+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 ||
|
||||||
@ -2500,7 +2496,7 @@ index 00000000..60bc02de
|
|||||||
+ fatal("sshpkt failed: %s", ssh_err(r));
|
+ fatal("sshpkt failed: %s", ssh_err(r));
|
||||||
+ break;
|
+ break;
|
||||||
+ default:
|
+ default:
|
||||||
+ sshpkt_disconnect(ssh,
|
+ ssh_packet_disconnect(ssh,
|
||||||
+ "Protocol error: didn't expect packet type %d",
|
+ "Protocol error: didn't expect packet type %d",
|
||||||
+ type);
|
+ type);
|
||||||
+ }
|
+ }
|
||||||
|
|||||||
12
SOURCES/openssh-8.0p1-reject-cntrl-chars-in-username.patch
Normal file
12
SOURCES/openssh-8.0p1-reject-cntrl-chars-in-username.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff --color -ruNp a/ssh.c b/ssh.c
|
||||||
|
--- a/ssh.c 2025-12-10 11:51:34.927545274 +0100
|
||||||
|
+++ b/ssh.c 2025-12-10 12:05:26.210486999 +0100
|
||||||
|
@@ -599,6 +599,8 @@ valid_ruser(const char *s)
|
||||||
|
if (*s == '-')
|
||||||
|
return 0;
|
||||||
|
for (i = 0; s[i] != 0; i++) {
|
||||||
|
+ if (iscntrl((u_char)s[i]))
|
||||||
|
+ return 0;
|
||||||
|
if (strchr("'`\";&<>|(){}", s[i]) != NULL)
|
||||||
|
return 0;
|
||||||
|
/* Disallow '-' after whitespace */
|
||||||
15
SOURCES/openssh-8.7p1-reject-null-char-in-url-string.patch
Normal file
15
SOURCES/openssh-8.7p1-reject-null-char-in-url-string.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff --color -ruNp a/misc.c b/misc.c
|
||||||
|
--- a/misc.c 2025-12-09 17:16:21.637368818 +0100
|
||||||
|
+++ b/misc.c 2025-12-09 17:48:22.679192853 +0100
|
||||||
|
@@ -936,9 +936,10 @@ urldecode(const char *src)
|
||||||
|
*dst++ = ' ';
|
||||||
|
break;
|
||||||
|
case '%':
|
||||||
|
+ /* note: don't allow \0 characters */
|
||||||
|
if (!isxdigit((unsigned char)src[1]) ||
|
||||||
|
!isxdigit((unsigned char)src[2]) ||
|
||||||
|
- (ch = hexchar(src + 1)) == -1) {
|
||||||
|
+ (ch = hexchar(src + 1)) == -1 || ch == 0) {
|
||||||
|
free(ret);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
@ -66,7 +66,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.0p1
|
%global openssh_ver 8.0p1
|
||||||
%global openssh_rel 25
|
%global openssh_rel 28
|
||||||
%global pam_ssh_agent_ver 0.10.3
|
%global pam_ssh_agent_ver 0.10.3
|
||||||
%global pam_ssh_agent_rel 7
|
%global pam_ssh_agent_rel 7
|
||||||
|
|
||||||
@ -294,6 +294,12 @@ Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
|||||||
Patch1020: openssh-8.7p1-scp-kill-switch.patch
|
Patch1020: openssh-8.7p1-scp-kill-switch.patch
|
||||||
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
|
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
|
||||||
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
|
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
|
||||||
|
#upstream commit 0832aac79517611dd4de93ad0a83577994d9c907
|
||||||
|
Patch1022: openssh-8.0p1-CVE-2025-26465.patch
|
||||||
|
# upstream 35d5917652106aede47621bb3f64044604164043
|
||||||
|
Patch1023: openssh-8.0p1-reject-cntrl-chars-in-username.patch
|
||||||
|
# upstream 43b3bff47bb029f2299bacb6a36057981b39fdb0
|
||||||
|
Patch1024: openssh-8.7p1-reject-null-char-in-url-string.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
@ -542,6 +548,9 @@ popd
|
|||||||
%patch1019 -p1 -b .cve-2023-51385
|
%patch1019 -p1 -b .cve-2023-51385
|
||||||
%patch1020 -p1 -b .scp-kill-switch
|
%patch1020 -p1 -b .scp-kill-switch
|
||||||
%patch1021 -p1 -b .ignore-SIGPIPE
|
%patch1021 -p1 -b .ignore-SIGPIPE
|
||||||
|
%patch1022 -p2 -b .cve-2025-26465
|
||||||
|
%patch1023 -p1 -b .reject-cntrl-chars-in-username
|
||||||
|
%patch1024 -p1 -b .reject-null-char-in-url-string
|
||||||
|
|
||||||
autoreconf
|
autoreconf
|
||||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||||
@ -827,6 +836,22 @@ getent passwd sshd >/dev/null || \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 16 2026 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-28
|
||||||
|
- CVE-2026-3497: Fix information disclosure or denial of service due
|
||||||
|
to uninitialized variables in gssapi-keyex
|
||||||
|
Resolves: RHEL-155814
|
||||||
|
|
||||||
|
* Wed Dec 10 2025 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-27
|
||||||
|
- CVE-2025-61984: Reject usernames with control characters
|
||||||
|
Resolves: RHEL-128400
|
||||||
|
- CVE-2025-61985: Reject URL-strings with NULL characters
|
||||||
|
Resolves: RHEL-128390
|
||||||
|
|
||||||
|
* Wed Aug 20 2025 Antonio Vieiro <avieirov@redhat.com> - 8.0p1-26
|
||||||
|
- Fix missing invalid error code checks in OpenSSH. It prevents
|
||||||
|
a MITM attack when VerifyHostKeyDNS is on (CVE-2025-26465)
|
||||||
|
Resolves: RHEL-109228
|
||||||
|
|
||||||
* Tue Jun 25 2024 Stepan Broz <sbroz@redhat.com> - 8.0p1-25
|
* Tue Jun 25 2024 Stepan Broz <sbroz@redhat.com> - 8.0p1-25
|
||||||
- Upstream: Ignore SIGPIPE earlier in main()
|
- Upstream: Ignore SIGPIPE earlier in main()
|
||||||
Resolves: RHEL-37743
|
Resolves: RHEL-37743
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user