* Wed May 01 2024 Alex Burmashev <alexander.burmashev@oracle.com> - 8.7p1-38.0.1
- Update upstream references [Orabug: 36564626]
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-37
- Fix Terrapin attack
Resolves: CVE-2023-48795
* Wed Dec 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-36
- Fix Terrapin attack
Resolves: CVE-2023-48795
- Relax OpenSSH build-time checks for OpenSSL version
Related: RHEL-4734
- Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
* Mon Oct 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-35
- Relax OpenSSH checks for OpenSSL version
Resolves: RHEL-4734
- Limit artificial delays in sshd when logging in as an AD user
Resolves: RHEL-2469
- Move users/groups creation logic to sysusers.d fragments
Resolves: RHEL-5222
* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-34
- Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
* Tue Jun 13 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-33
- Allow specifying validity interval in UTC
Resolves: rhbz#2115043
* Wed May 24 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-32
- Fix pkcs11 issue with the recent changes
- Delete unnecessary log messages from previous compl-dh patch
- Add ssh_config man page explanation on rhbz#2068423
- Resolves: rhbz#2207793, rhbz#2209096
* Tue May 16 2023 Norbert Pocs <npocs@redhat.com> - 8.7p1-31
- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch:
- Check return values
- Use EVP API to get the size of DH
- Add some log debug lines
- Related: rhbz#2091694
* Thu Apr 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-30
- Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
- On sshd startup, we check whether signing using SHA1 is available and
don't use it when it isn't.
- On ssh private key conversion we explicitly use SHA2 for testing RSA keys.
- In sshd, when SHA1 signatures are unavailable, we fall back (fall forward :) )
to SHA2 on host key proof confirmation.
- On the client side we permit SHA2-based proofs from the server when a SHA1
proof was requested (or when the hash algorithm was not specified, which
implies SHA1 on the client side). This is aligned with the already present
exception for RSA certificates.
- We fall back to SHA2 if SHA1 signatures are not available on the client side
(file sshconnect2.c).
- We skip dss-related tests (they don't work without SHA1).
Resolves: rhbz#2070163
- FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694