Fix Terrapin attack
Resolves: RHEL-19308
This commit is contained in:
parent
61a590faaf
commit
ff2aae200d
@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
|
|||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
|
||||||
options.ciphers);
|
options.ciphers);
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
|
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
|
||||||
|
@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
|
if (gss && orig)
|
||||||
|
xasprintf(&newstr, "%s,%s", gss, orig);
|
||||||
|
else if (gss)
|
||||||
|
- newstr = gss;
|
||||||
|
+ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
|
||||||
|
else if (orig)
|
||||||
|
newstr = orig;
|
||||||
|
|
||||||
@@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
|
@@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
|
||||||
packet_send();
|
packet_send();
|
||||||
packet_write_wait();
|
packet_write_wait();
|
||||||
|
@ -66,7 +66,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.0p1
|
%global openssh_ver 8.0p1
|
||||||
%global openssh_rel 22
|
%global openssh_rel 23
|
||||||
%global pam_ssh_agent_ver 0.10.3
|
%global pam_ssh_agent_ver 0.10.3
|
||||||
%global pam_ssh_agent_rel 7
|
%global pam_ssh_agent_rel 7
|
||||||
|
|
||||||
@ -821,6 +821,10 @@ getent passwd sshd >/dev/null || \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-23
|
||||||
|
- Fix Terrapin attack
|
||||||
|
Resolves: RHEL-19308
|
||||||
|
|
||||||
* Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-22
|
* Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-22
|
||||||
- Fix Terrapin attack
|
- Fix Terrapin attack
|
||||||
Resolves: RHEL-19308
|
Resolves: RHEL-19308
|
||||||
|
Loading…
Reference in New Issue
Block a user