rpms/openssh
7
0
Fork 2
Code Issues Pull Requests Releases Activity
113 Commits 16 Branches 129 Tags 12 MiB
c9s
Commit Graph

113 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Zoltan Fridrich
f25c2f5743 Fix CVE-2026-35386 
Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline

Resolves: RHEL-166219

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-14 10:48:00 +02:00
Zoltan Fridrich
aeac20e69c Fix CVE-2026-35414 
Fix mishandling of authorized_keys principals option

Resolves: RHEL-166203

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-14 10:45:18 +02:00
Zoltan Fridrich
99fe8be9db Fix CVE-2026-35387 
Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys

Resolves: RHEL-166235

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-14 10:42:30 +02:00
Zoltan Fridrich
543ad4010f Fix CVE-2026-35388 
Add connection multiplexing confirmation for proxy-mode
multiplexing sessions

Resolves: RHEL-166251

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-14 10:39:41 +02:00
Zoltan Fridrich
fe1ca1cded Fix CVE-2026-35385 
Fix privilege escalation via scp legacy protocol
when not in preserving file mode

Resolves: RHEL-164754

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-08 15:55:24 +02:00
Zoltan Fridrich
a3754bfa18 Ssh should refuse connection when mlkem kex is specified in FIPS 
Resolves: RHEL-155161

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-08 15:49:23 +02:00
Zoltan Fridrich
5f61c2a34a Fix static analysis issues 
Resolves: RHEL-163366

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-08 15:49:23 +02:00
Zoltan Fridrich
7bbb888e50 Version bump 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-26 12:02:24 +01:00
Zoltan Fridrich
3aa56f0911 Fix incorrect claim about SSH_AUTH_SOCK in pam_ssh_agent_auth manual page 
Resolves: RHEL-122302

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-17 15:51:21 +01:00
Zoltan Fridrich
59346084f6 Fix CVE-2026-3497 
Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex

Resolves: RHEL-155825

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-17 15:29:50 +01:00
Dmitry Belyavskiy
08d29bf220 Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode 
Resolves: RHEL-151580
 2026-02-27 10:58:34 +01:00
Zoltan Fridrich
9b2158d190 CVE-2025-61985: Reject URL-strings with NULL characters 
Resolves: RHEL-133960

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-09 14:56:31 +01:00
Zoltan Fridrich
b31035999d CVE-2025-61984: Reject usernames with control characters 
Resolves: RHEL-133959

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-09 14:55:15 +01:00
Zoltan Fridrich
089b1c70fd Enable support for DSA keys 
Resolves: RHEL-127624

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-09 14:53:50 +01:00
Zoltan Fridrich
26a01acfd3 Canonicalize username when matching a user 
Resolves: RHEL-118372

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:21:26 +01:00
Zoltan Fridrich
d2149d14ab Fix implicit destination path selection when source path ends with ".." 
Resolves: RHEL-119515

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:21:26 +01:00
Pavol Žáčik
6e480ba399
Rebase to 9.9p1 
Resolves: RHEL-108912
 2025-09-11 09:47:44 +02:00
Zoltan Fridrich
890a02a458 Move the redhat help message to debug1 log level 
Resolves: RHEL-104580

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-07-21 16:31:16 +02:00
Dmitry Belyavskiy
2a4cfc7fd4 Correct error code processing 
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465).

Resolves: RHEL-78700
 2025-02-18 11:35:06 +01:00
Miluse Bezo Konecna
0fd4a1cd57 CI setup for RHEL-9 2025-01-08 12:12:02 +01:00
Dmitry Belyavskiy
76b570ae7c Allow duplicate Subsystem directive 
Resolves: RHEL-47112
 2024-10-21 13:38:05 +02:00
Dmitry Belyavskiy
2282e9f646 Provide details on crypto error instead of "error in libcrypto" 
Resolves: RHEL-52293
 2024-10-21 13:36:43 +02:00
Dmitry Belyavskiy
48c1a09ba9 Add extra help information on ssh early failure 
Resolves: RHEL-33809
 2024-10-21 11:14:09 +02:00
Dmitry Belyavskiy
2a5b657c60 Possible remote code execution due to a race condition (CVE-2024-6409) 
Resolves: RHEL-45741
 2024-07-09 16:54:56 +02:00
Dmitry Belyavskiy
96149ae84f Possible remote code execution due to a race condition (CVE-2024-6387) 
Resolves: RHEL-45348
 2024-07-04 09:40:52 +02:00
Dmitry Belyavskiy
6ca18e235a Fix ssh multiplexing connect timeout processing 
Resolves: RHEL-37748
 2024-06-03 12:12:04 +02:00
Zoltan Fridrich
17e559c555 Add key size variables into sshd.sysconfig 
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-05-10 10:39:36 +02:00
Zoltan Fridrich
01178d1eef Make default key sizes configurable in sshd-keygen 
Resolves: RHEL-26454

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-05-09 12:53:59 +02:00
Zoltan Fridrich
7fedb4cdc0 Correctly audit hostname and IP address 
Resolves: RHEL-22316

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-05-09 12:53:59 +02:00
Dmitry Belyavskiy
03eff3f0f1 Use FIPS-compatible API for key derivation 
Resolves: RHEL-32809
 2024-04-25 10:07:32 +02:00
Dmitry Belyavskiy
2c2ea1d489 Fix Terrapin attack 
Resolves: CVE-2023-48795
 2024-01-05 14:43:26 +01:00
Dmitry Belyavskiy
4c42338c08 Fix Terrapin attack 
Resolves: CVE-2023-48795
 2024-01-05 14:28:02 +01:00
Dmitry Belyavskiy
8a8fae36ce Rebuild 
Related: RHEL-19789
 2023-12-21 13:43:57 +01:00
Dmitry Belyavskiy
0521bb1a51 Forbid shell metasymbols in username/hostname 
Resolves: CVE-2023-51385
 2023-12-20 12:20:37 +01:00
Dmitry Belyavskiy
d18e1c1119 Relax OpenSSH build-time checks for OpenSSL version 
Related: RHEL-4734
 2023-12-20 11:31:43 +01:00
Dmitry Belyavskiy
54fc8050ff Fix Terrapin attack 
Resolves: CVE-2023-48795
 2023-12-20 11:26:41 +01:00
Dmitry Belyavskiy
5838d35972 Move users/groups creation logic to sysusers.d fragments 
Resolves: RHEL-5222
 2023-10-24 14:22:42 +02:00
Dmitry Belyavskiy
a43be164ec Limit artificial delays in sshd while login using AD user 
Resolves: RHEL-2469
 2023-10-23 13:33:49 +02:00
Dmitry Belyavskiy
d8b51e8341 Relax OpenSSH checks for OpenSSL version 
Resolves: RHEL-4734
 2023-10-23 12:59:46 +02:00
Dmitry Belyavskiy
edaf6c0fb4 Avoid remote code execution in ssh-agent PKCS#11 support 
Resolves: CVE-2023-38408
 2023-07-20 12:10:35 +02:00
Dmitry Belyavskiy
6fa799e1aa Avoid remote code execution in ssh-agent PKCS#11 support 
Resolves: CVE-2023-38408
 2023-07-20 12:02:42 +02:00
Dmitry Belyavskiy
c5140cafa3 Allow specifying validity interval in UTC 
Resolves: rhbz#2115043
 2023-06-14 11:15:41 +02:00
Norbert Pocs
415f8e730b Clarify rhbz#2068423 on the ssh_config man page 
Resolves: rhbz#2209096

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-06-02 09:16:33 +02:00
Norbert Pocs
6b2353418c Fix regression in pkcs11 introduced in the previous patch 
Resolves: rhbz#2207793

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-25 09:22:24 +02:00
Norbert Pocs
48718a1a72 Delete unneeded debug messages from fips-compl-dh patch 
Related: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-25 09:17:38 +02:00
Norbert Pocs
1490ffd3e0 Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch 
- Check return values
- Use EVP API to get the size of DH

Related: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-16 15:50:52 +02:00
Norbert Pocs
587d7b215f Add FIPS compliance efforts for dh, ecdh and signing 
Resolves: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-03 15:52:40 +02:00
Dmitry Belyavskiy
b5ba5af997 Eliminating remnants of SHA1 usage in OpenSSH 
Resolves: rhbz#2070163
 2023-04-28 16:04:07 +02:00
Dmitry Belyavskiy
cc7d7a5730 Some non-terminating processes were listening on ports. 
Resolves: rhbz#2177768
 2023-04-20 17:29:37 +02:00
Dmitry Belyavskiy
f7003be68c Resolve possible self-DoS with some clients 
Resolves: rhbz#2186473
 2023-04-13 14:24:35 +02:00