[ol9_appstream] openssh-askpass-8.7p1-34.el9_3.3.aarch64

Name:	openssh-askpass
Version:	8.7p1
Release:	34.el9_3.3
Architecture:	aarch64
Group:	Unspecified
Size:	68786
License:	BSD
RPM:	openssh-askpass-8.7p1-34.el9_3.3.aarch64.rpm
Source RPM:	openssh-8.7p1-34.el9_3.3.src.rpm
Build Date:	Wed Mar 06 2024
Build Host:	build-ol9-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssh.com/portable.html
Summary:	A passphrase dialog for OpenSSH and X
Description:	OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains an X11 passphrase dialog for OpenSSH.

Changelog (Show File list) (Show related packages)

Wed Mar 06 2024 Craig Guiller <craig.guiller@oracle.com> - 8.7p1-34.3

- Fix Terrapin attack (CVE-2023-48795)
  Resolves: RHEL-19764
- Forbid shell metasymbols in username/hostname (CVE-2023-51385)
  Resolves: RHEL-19822

Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-34

- Avoid remote code execution in ssh-agent PKCS#11 support
  Resolves: CVE-2023-38408

Tue Jun 13 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-33

- Allow specifying validity interval in UTC
  Resolves: rhbz#2115043

Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32

- Fix pkcs11 issue with the recent changes
- Delete unnecessary log messages from previous compl-dh patch
- Add ssh_config man page explanation on rhbz#2068423
- Resolves: rhbz#2207793, rhbz#2209096

Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31

- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
- Check return values
- Use EVP API to get the size of DH
- Add some log debug lines
- Related: rhbz#2091694

Thu Apr 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-30

- Some non-terminating processes were listening on ports.
  Resolves: rhbz#2177768
- On sshd startup, we check whether signing using the SHA1 for signing is
  available and don't use it when it isn't.
- On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
- In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) )
  to SHA2 on host keys proof confirmation.
- On a client side we permit SHA2-based proofs from server when requested SHA1
  proof (or didn't specify the hash algorithm that implies SHA1 on the client
  side). It is aligned with already present exception for RSA certificates.
- We fallback to SHA2 if SHA1 signatures is not available on the client side
  (file sshconnect2.c).
- We skip dss-related tests (they don't work without SHA1).
  Resolves: rhbz#2070163
- FIPS compliance efforts for dh, ecdh and signing
  Resolves: rhbz#2091694

Thu Apr 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-29

- Resolve possible self-DoS with some clients
  Resolves: rhbz#2186473

Thu Jan 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-28

- Do not try to use SHA1 for host key ownership proof when we don't support it server-side
  Resolves: rhbz#2088750

Thu Jan 12 2023 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-27

- Add sk-dummy subpackage for test purposes
  Resolves: rhbz#2092780

Fri Jan 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-26

- Fix one-byte overflow in SSH banner processing
  Resolves: rhbz#2138345
- Fix double free() in error path
  Resolves: rhbz#2138347