Dmitry Belyavskiy
|
2a5b657c60
|
Possible remote code execution due to a race condition (CVE-2024-6409)
Resolves: RHEL-45741
|
2024-07-09 16:54:56 +02:00 |
|
Dmitry Belyavskiy
|
96149ae84f
|
Possible remote code execution due to a race condition (CVE-2024-6387)
Resolves: RHEL-45348
|
2024-07-04 09:40:52 +02:00 |
|
Dmitry Belyavskiy
|
6ca18e235a
|
Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748
|
2024-06-03 12:12:04 +02:00 |
|
Zoltan Fridrich
|
17e559c555
|
Add key size variables into sshd.sysconfig
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-05-10 10:39:36 +02:00 |
|
Zoltan Fridrich
|
01178d1eef
|
Make default key sizes configurable in sshd-keygen
Resolves: RHEL-26454
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-05-09 12:53:59 +02:00 |
|
Zoltan Fridrich
|
7fedb4cdc0
|
Correctly audit hostname and IP address
Resolves: RHEL-22316
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-05-09 12:53:59 +02:00 |
|
Dmitry Belyavskiy
|
03eff3f0f1
|
Use FIPS-compatible API for key derivation
Resolves: RHEL-32809
|
2024-04-25 10:07:32 +02:00 |
|
Dmitry Belyavskiy
|
2c2ea1d489
|
Fix Terrapin attack
Resolves: CVE-2023-48795
|
2024-01-05 14:43:26 +01:00 |
|
Dmitry Belyavskiy
|
4c42338c08
|
Fix Terrapin attack
Resolves: CVE-2023-48795
|
2024-01-05 14:28:02 +01:00 |
|
Dmitry Belyavskiy
|
8a8fae36ce
|
Rebuild
Related: RHEL-19789
|
2023-12-21 13:43:57 +01:00 |
|
Dmitry Belyavskiy
|
0521bb1a51
|
Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
|
2023-12-20 12:20:37 +01:00 |
|
Dmitry Belyavskiy
|
d18e1c1119
|
Relax OpenSSH build-time checks for OpenSSL version
Related: RHEL-4734
|
2023-12-20 11:31:43 +01:00 |
|
Dmitry Belyavskiy
|
54fc8050ff
|
Fix Terrapin attack
Resolves: CVE-2023-48795
|
2023-12-20 11:26:41 +01:00 |
|
Dmitry Belyavskiy
|
5838d35972
|
Move users/groups creation logic to sysusers.d fragments
Resolves: RHEL-5222
|
2023-10-24 14:22:42 +02:00 |
|
Dmitry Belyavskiy
|
a43be164ec
|
Limit artificial delays in sshd while login using AD user
Resolves: RHEL-2469
|
2023-10-23 13:33:49 +02:00 |
|
Dmitry Belyavskiy
|
d8b51e8341
|
Relax OpenSSH checks for OpenSSL version
Resolves: RHEL-4734
|
2023-10-23 12:59:46 +02:00 |
|
Dmitry Belyavskiy
|
edaf6c0fb4
|
Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
|
2023-07-20 12:10:35 +02:00 |
|
Dmitry Belyavskiy
|
6fa799e1aa
|
Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
|
2023-07-20 12:02:42 +02:00 |
|
Dmitry Belyavskiy
|
c5140cafa3
|
Allow specifying validity interval in UTC
Resolves: rhbz#2115043
|
2023-06-14 11:15:41 +02:00 |
|
Norbert Pocs
|
415f8e730b
|
Clarify rhbz#2068423 on the ssh_config man page
Resolves: rhbz#2209096
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-02 09:16:33 +02:00 |
|
Norbert Pocs
|
6b2353418c
|
Fix regression in pkcs11 introduced in the previous patch
Resolves: rhbz#2207793
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-25 09:22:24 +02:00 |
|
Norbert Pocs
|
48718a1a72
|
Delete unneeded debug messages from fips-compl-dh patch
Related: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-25 09:17:38 +02:00 |
|
Norbert Pocs
|
1490ffd3e0
|
Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch
- Check return values
- Use EVP API to get the size of DH
Related: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-16 15:50:52 +02:00 |
|
Norbert Pocs
|
587d7b215f
|
Add FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-03 15:52:40 +02:00 |
|
Dmitry Belyavskiy
|
b5ba5af997
|
Eliminating remnants of SHA1 usage in OpenSSH
Resolves: rhbz#2070163
|
2023-04-28 16:04:07 +02:00 |
|
Dmitry Belyavskiy
|
cc7d7a5730
|
Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
|
2023-04-20 17:29:37 +02:00 |
|
Dmitry Belyavskiy
|
f7003be68c
|
Resolve possible self-DoS with some clients
Resolves: rhbz#2186473
|
2023-04-13 14:24:35 +02:00 |
|
Dmitry Belyavskiy
|
42aa6f597e
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Related: rhbz#2088750
|
2023-01-13 15:24:38 +01:00 |
|
Dmitry Belyavskiy
|
ebbbfce0aa
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
|
2023-01-12 16:16:08 +01:00 |
|
Zoltan Fridrich
|
5cfb97500b
|
Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2023-01-12 11:23:15 +01:00 |
|
Dmitry Belyavskiy
|
6f747825fa
|
Minor cleanups from upstream
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
|
2023-01-06 11:57:27 +01:00 |
|
Dmitry Belyavskiy
|
b0f3205a21
|
- Build fix after OpenSSL rebase
Resolves: rhbz#2153626
|
2022-12-16 11:52:54 +01:00 |
|
Dmitry Belyavskiy
|
ad9644f74c
|
Set minimal value of RSA key length via configuration option
Added a support for our name as alias.
Resolves: rhbz#2128352
|
2022-09-23 11:14:03 +02:00 |
|
Dmitry Belyavskiy
|
d4ff0b8809
|
Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
|
2022-09-22 14:48:29 +02:00 |
|
Dmitry Belyavskiy
|
d925600c40
|
Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
|
2022-08-16 19:33:50 +02:00 |
|
Dmitry Belyavskiy
|
a0db6b2b7f
|
Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
|
2022-08-16 14:32:50 +02:00 |
|
Dmitry Belyavskiy
|
b53c538acd
|
IBMCA workaround
Related: rhbz#1976202
|
2022-08-04 14:37:20 +02:00 |
|
Zoltan Fridrich
|
1d30b84a88
|
Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-26 16:14:15 +02:00 |
|
Dmitry Belyavskiy
|
9591af3b1d
|
FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
|
2022-07-15 16:52:19 +02:00 |
|
Zoltan Fridrich
|
9697eecfeb
|
Fix new coverity issues
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-15 10:20:09 +02:00 |
|
Dmitry Belyavskiy
|
d23afae05f
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 16:15:05 +02:00 |
|
Zoltan Fridrich
|
e8622f8c21
|
Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-14 13:05:12 +02:00 |
|
Dmitry Belyavskiy
|
b17ff3bc91
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 12:23:52 +02:00 |
|
Dmitry Belyavskiy
|
0d823b2f2a
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-13 16:24:55 +02:00 |
|
Zoltan Fridrich
|
821045a148
|
Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 15:32:37 +02:00 |
|
Dmitry Belyavskiy
|
3990967629
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-12 13:37:26 +02:00 |
|
Dmitry Belyavskiy
|
32a82650cf
|
Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
|
2022-07-12 13:37:24 +02:00 |
|
Zoltan Fridrich
|
fd0d5a4f44
|
Fix host-based authentication with rsa keys
Resolves: rhbz#2088916
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
9bf7b4f39d
|
Fix gssapi authentication failures
Resolves: rhbz#2091023
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
585620b0f1
|
Fix several memory leaks
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|