-
Fri Feb 02 2024 Alex Burmashev <alexander.burmashev@oracle.com> 8.0p1-19.0.1.2
- Update patches for CVE-2023-51385, CVE-2023-48795 [Orabug: 36256632]
-
Wed Jan 31 2024 Alan Steinberg <alan.steinberg@oracle.com> - 8.0p1-19.2
- Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
- Fix Terrapin attack
Resolves: CVE-2023-48795
-
Wed Aug 02 2023 Mark Will <mark.will@oracle.com> - 8.0p1-19
- Release bump
-
Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-18
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
-
Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17
- Fix parsing of IPv6 IPs in sftp client (#2151334)
- Avoid ssh banner one-byte overflow (#2138344)
- Avoid crash of sshd when Include folder does not exist (#2133087)
-
Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16
- Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)
-
Thu Jun 23 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-15
- Fix new issues found by static analyzers
-
Wed Jun 01 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-14
- Upstream: add a local implementation of BSD realpath() for sftp-server (#2064249)
- Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch (#1953807)
- Include caveat for crypto-policy in sshd manpage (#2044354)
- Change log level of FIPS specific log message to verbose (#2050511)
- Clarify force_file_perms (-m) documentation in sftp-server manpage (#1862504)
- Minimize the use of SHA1 as a proof of possession for RSA key (#2093897)
-
Tue Oct 26 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-13
- Upstream: ClientAliveCountMax=0 disable the connection killing behaviour (#2015828)
-
Wed Oct 20 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-12
- Add support for "Include" directive in sshd_config file (#1926103)