Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
This commit is contained in:
parent
6fa799e1aa
commit
edaf6c0fb4
10
openssh.spec
10
openssh.spec
@ -51,7 +51,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.7p1
|
||||
%global openssh_rel 33
|
||||
%global openssh_rel 34
|
||||
%global pam_ssh_agent_ver 0.10.4
|
||||
%global pam_ssh_agent_rel 5
|
||||
|
||||
@ -279,6 +279,9 @@ Patch1013: openssh-8.7p1-man-hostkeyalgos.patch
|
||||
# b98a42afb69d60891eb0488935990df6ee571c4
|
||||
# a00f59a645072e5f5a8d207af15916a7b23e2642
|
||||
Patch1014: openssh-8.7p1-UTC-time-parse.patch
|
||||
# upsream commit
|
||||
# b23fe83f06ee7e721033769cfa03ae840476d280
|
||||
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
|
||||
|
||||
License: BSD
|
||||
Requires: /sbin/nologin
|
||||
@ -497,6 +500,7 @@ popd
|
||||
|
||||
%patch1013 -p1 -b .man-hostkeyalgos
|
||||
%patch1014 -p1 -b .utc_parse
|
||||
%patch1015 -p1 -b .cve-2023-38408
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
@ -783,6 +787,10 @@ test -f %{sysconfig_anaconda} && \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-34
|
||||
- Avoid remote code execution in ssh-agent PKCS#11 support
|
||||
Resolves: CVE-2023-38408
|
||||
|
||||
* Tue Jun 13 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-33
|
||||
- Allow specifying validity interval in UTC
|
||||
Resolves: rhbz#2115043
|
||||
|
Loading…
Reference in New Issue
Block a user