Fix Terrapin attack

Resolves: RHEL-19308
Dmitry Belyavskiy 2024-01-05 15:09:14 +01:00
parent 61a590faaf
commit ff2aae200d
2 changed files with 14 additions and 1 deletions


@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
options.ciphers);
myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
if (gss && orig)
xasprintf(&newstr, "%s,%s", gss, orig);
else if (gss)
- newstr = gss;
+ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
else if (orig)
newstr = orig;
@@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
packet_send();
packet_write_wait();
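Review bot: The new `xasprintf` in the `else if (gss)` branch repeats the strict-KEX marker as a bare string literal, and nothing at this site says why this branch needs it when the `gss && orig` and `else if (orig)` branches do not. Presumably `orig` already carries the marker from an earlier part of the patch, so only the GSSAPI-only proposal was missing it; a comment such as `/* orig is not used here, so add the strict KEX marker explicitly or the Terrapin mitigation is not advertised */` would keep a later rebase from dropping it again. The branch also no longer hands `gss` over to `newstr`, so unless `gss` is released further down (not visible here) the mechanism string is now leaked; `free(gss);` after the `xasprintf` would cover that, provided nothing later reads `gss`. `do_ssh2_kex` starts and ends outside the hunk.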


@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 22
%global openssh_rel 23
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
@ -821,6 +821,10 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-23
- Fix Terrapin attack
Resolves: RHEL-19308
* Thu Dec 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-22
- Fix Terrapin attack
Resolves: RHEL-19308