Dmitry Belyavskiy
125c748cc9
Add missing NULL check for server key generation in ML-KEM hybrids
Resolves: RHEL-168106
2026-04-14 16:24:03 +02:00
Dmitry Belyavskiy
b35a30acc7
Improve keytab detection when obtaining Kerberos tickets on behalf of user on SSH authentication
Related: RHEL-92932
2026-04-14 16:19:58 +02:00
Zoltan Fridrich
8edc05030d
Fix CVE-2026-35386
Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline
Resolves: RHEL-166207
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-10 16:20:30 +02:00
Zoltan Fridrich
88128fdefa
Fix CVE-2026-35414
Fix mishandling of authorized_keys principals option
Resolves: RHEL-166191
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-10 13:19:44 +02:00
Zoltan Fridrich
418d6a85be
Fix CVE-2026-35387
Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys
Resolves: RHEL-166223
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-10 13:09:18 +02:00
Zoltan Fridrich
b39c465ad2
Fix CVE-2026-35388
Add connection multiplexing confirmation for proxy-mode
multiplexing sessions
Resolves: RHEL-166239
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-10 13:05:15 +02:00
Zoltan Fridrich
4ca20e1c2c
Fix CVE-2026-35385
Fix privilege escalation via scp legacy protocol
when not in preserving file mode
Resolves: RHEL-164740
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-07 16:33:04 +02:00
Zoltan Fridrich
27f5b6826e
Ssh should refuse connection when mlkem kex is specified in FIPS
Resolves: RHEL-155178
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-02 16:47:11 +02:00
Zoltan Fridrich
7f2ed42778
Fix static analysis issues
Resolves: RHEL-163365
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-04-01 16:04:15 +02:00
Zoltan Fridrich
1ea96929c7
Fix typo in SPDX license name
Resolves: RHEL-161464
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-27 09:46:13 +01:00
Zoltan Fridrich
7c2c5a7cd0
Fix typo in GSSAPIProxyS4U2Services
Related: RHEL-92932
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-23 09:36:21 +01:00
Zoltan Fridrich
ef90c25403
Fix duplicate audit log entry when destroying ed25519 private keys
Resolves: RHEL-46782
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-20 15:04:10 +01:00
Zoltan Fridrich
3f5a4dc4f9
Don't negotiate non-FIPS algorithms in ssh-keyscan key exchange in FIPS mode
Resolves: RHEL-88565
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-18 16:05:26 +01:00
Zoltan Fridrich
f5a6642da3
Fix CVE-2026-3497
Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-13 12:58:59 +01:00
Zoltan Fridrich
5112fd1dbb
Fix GSSAPI authentication indicator issues found by AI
Resolves: RHEL-154309
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-12 16:44:06 +01:00
Zoltan Fridrich
952d882d0a
Fix mistracking of MaxStartups process exits in some situations
Resolves: RHEL-121768
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-12 16:44:06 +01:00
Zoltan Fridrich
394f1022a0
First property value in config should win
Only the first value of MaxStartups, PerSourceNetBlockSize and
IPQoS in sshd_config should count when defined multiple times
Resolves: RHEL-150365
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-12 16:43:39 +01:00
Zoltan Fridrich
0a7a052f87
Remove recommendation of p11-kit
Resolves: RHEL-139070
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2026-03-12 12:44:14 +01:00
Dmitry Belyavskiy
f7363d9b66
Implement obtaining Kerberos tickets on behalf of user on SSH authentication
Resolves: RHEL-92932
2026-03-11 11:52:43 +01:00
Dmitry Belyavskiy
40a368d891
Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode
Resolves: RHEL-151579
2026-02-27 11:39:42 +01:00
Dmitry Belyavskiy
0eb85c5308
Support of hybrid MLKEM key exchange methods in FIPS mode
Resolves: RHEL-125929
2025-12-12 12:55:41 +01:00
Dmitry Belyavskiy
2c179221a3
Adding a mechanism to disable GSSAPIDelegateCredentials in sshd_config
Resolves: RHEL-5281
2025-12-05 16:36:17 +01:00
Zoltan Fridrich
40f5f26708
CVE-2025-61985: Reject URL-strings with NULL characters
Resolves: RHEL-128388
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-12-05 10:27:33 +01:00
Zoltan Fridrich
3ed25d6be7
CVE-2025-61984: Reject usernames with control characters
Resolves: RHEL-128399
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-12-05 10:24:20 +01:00
Dmitry Belyavskiy
d6c153ae72
Implement mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 KEX methods
Resolves: RHEL-70824
2025-11-03 12:56:38 +01:00
Zoltan Fridrich
bf1cef9a73
Canonicalize username when matching a user
Resolves: RHEL-101440
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-10-29 16:05:17 +01:00
Zoltan Fridrich
24c1261105
Fix implicit destination path selection when source path ends with ".."
Resolves: RHEL-118406
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-10-29 16:05:17 +01:00
Dmitry Belyavskiy
5be8bc1b40
Relax GSS Kex restriction in FIPS mode
Resolves: RHEL-91181
2025-09-15 15:36:27 +02:00
Dmitry Belyavskiy
ab204f7870
Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode
Related: RHEL-91181
2025-09-02 12:41:17 +02:00
Dmitry Belyavskiy
79ecdd9f8c
Relax GSS Kex restriction in FIPS mode
Resolves: RHEL-91181
2025-08-04 15:54:13 +02:00
Zoltan Fridrich
2303b82ca8
Move the redhat help message to debug1 log level
Resolves: RHEL-93957
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-07-17 15:02:56 +02:00
Dmitry Belyavskiy
f897faab42
Support for authentication indicators in OpenSSH
Resolves: RHEL-40790
2025-06-26 17:00:42 +02:00
Zoltan Fridrich
b5213cc0b3
Ignore bad hostkeys in known_hosts file
Resolves: RHEL-83644
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-04-30 15:58:51 +02:00
Zoltan Fridrich
86023c8a72
Provide better error for non-supported private keys
Resolves: RHEL-68124
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-04-29 12:32:20 +02:00
Zoltan Fridrich
f4e43bc272
CVE-2025-32728: Fix logic error in DisableForwarding option
Resolves: RHEL-86819
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2025-04-29 12:32:10 +02:00
Dmitry Belyavskiy
f218c44b65
Suppress systemd warning
Resolves: RHEL-84816
2025-04-17 11:55:01 +02:00
Dmitry Belyavskiy
5d9e98be09
Correct processing of Compression directive
Resolves: RHEL-68346
2025-03-20 13:42:58 +01:00
Dmitry Belyavskiy
02b3faa9d1
OpenSSH should not use its own implementation of MLKEM
Resolves: RHEL-58252
2025-03-20 12:23:04 +01:00
Dmitry Belyavskiy
747a4a8376
rebuilt
Related: RHEL-78699
2025-02-18 18:08:09 +01:00
Dmitry Belyavskiy
3b2fe2b8e6
OpenSSH error code issues
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents a memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).
Resolves: RHEL-78699
Resolves: RHEL-78943
2025-02-18 10:59:20 +01:00
Dmitry Belyavskiy
006127a476
Fix regression of Match directive processing
Related: RHEL-76317
2025-02-13 12:29:58 +01:00
Dmitry Belyavskiy
b182959e95
Avoid linking issues for openssl logging
Related: RHEL-63190
2025-01-27 13:25:09 +01:00
Dmitry Belyavskiy
35bf325387
Fix regression of Match directive processing
Resolves: RHEL-76317
2025-01-27 12:38:23 +01:00
Troy Dawson
84c0936017
Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:53:07 -07:00
Dmitry Belyavskiy
15a3247272
Fix MLKEM for BE platforms
Related: RHEL-60564
2024-10-28 17:49:18 +01:00
Dmitry Belyavskiy
6ec986a4e3
Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-63190
2024-10-22 11:57:53 +02:00
Dmitry Belyavskiy
ebb51c8cab
Extra help information should not be printed if stderr is not a TTY
Resolves: RHEL-63061
2024-10-18 16:14:10 +02:00
Dmitry Belyavskiy
84ad70de57
Add extra help information on ssh early failure
Resolves: RHEL-62718
2024-10-15 13:47:43 +02:00
Dmitry Belyavskiy
ebf2d5fd08
Resolve memory management issues after rebase
Related: RHEL-60564
2024-10-15 13:46:17 +02:00
Zoltan Fridrich
384febcdc2
Gssapi-keyex: fix issues found by static analysis
Related: RHEL-60564
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-10-14 16:05:48 +02:00