Name: | openssh |
---|---|
Version: | 7.4p1 |
Release: | 23.0.1.el7_9 |
Architecture: | x86_64 |
Group: | Applications/Internet |
Size: | 1991172 |
License: | BSD |
RPM: | openssh-7.4p1-23.0.1.el7_9.x86_64.rpm |
Source RPM: | openssh-7.4p1-23.0.1.el7_9.src.rpm |
Build Date: | Tue Aug 01 2023 |
Build Host: | build-ol7-x86_64.oracle.com |
Vendor: | Oracle America |
URL: | http://www.openssh.com/portable.html |
Summary: | An open source implementation of SSH protocol versions 1 and 2 |
Description: | SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. |
- enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation (openssh bz#3012) [Orabug: 30448895]
- Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408
- avoid segfault in Kerberos cache cleanup (#1999263) - fix CVE-2021-41617 (#2008884)
- Avoid double comma in the default cipher list in FIPS mode (#1722446)
- Revert the updating of cached passwd structure (#1712053)
- Update cached passwd structure after PAM authentication (#1674541)
- invalidate supplemental group cache used by temporarily_use_uid() when the target uid differs (#1583735)
- Fix for CVE-2018-15473 (#1619079) - Enable GCM mode for AES ciphers in FIPS mode (#1600869)
- Fix for CVE-2017-15906 (#1517226)
- Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467) - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268) - Do not segfault in audit code during cleanup (#1488083) - Add WinSCP 5.10+ compatibility (#1496808) - Clatch between ClientAlive and rekeying timeouts (#1480510) - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853) - Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1478035)