rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix Terrapin attack

Browse Source 
Resolves: CVE-2023-48795
This commit is contained in:
Dmitry Belyavskiy 2024-01-05 14:28:02 +01:00
parent 8a8fae36ce
commit 4c42338c08
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openssh-9.6p1-CVE-2023-48795.patch
View File

@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc =
compat_cipher_proposal(ssh, options.ciphers); compat_cipher_proposal(ssh, options.ciphers);
@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
if (gss && orig)
xasprintf(&newstr, "%s,%s", gss, orig);
else if (gss)
- newstr = gss;
+ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
else if (orig)
newstr = orig;
@@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh) @@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
#endif #endif
free(prop_kex); free(prop_kex);

4
openssh.spec
View File

@ -798,6 +798,10 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-37
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Wed Dec 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-36 * Wed Dec 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-36
- Fix Terrapin attack - Fix Terrapin attack
Resolves: CVE-2023-48795 Resolves: CVE-2023-48795