diff --git a/openssh.changes b/openssh.changes index b638924..d763c5a 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 5 11:10:18 UTC 2024 - Antonio Larrosa + +- Add missing bugzilla/CVE references to the changelog + ------------------------------------------------------------------- Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa @@ -297,14 +302,14 @@ Wed Sep 27 06:28:57 UTC 2023 - Thorsten Kukuk ------------------------------------------------------------------- Fri Jul 21 02:48:58 UTC 2023 - Simon Lees -- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): +- Update to openssh 9.3p2: Security ======== - Fix CVE-2023-38408 - a condition where specific libaries loaded via + Fix a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following - conditions are met: + conditions are met (bsc#1213504, CVE-2023-38408): * Exploitation requires the presence of specific libraries on the victim system. @@ -1060,7 +1065,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to - gain unintended privilege. + gain unintended privilege (bsc#1190975, CVE-2021-41617). Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). @@ -1259,7 +1264,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker - with access to the agent socket. + with access to the agent socket (bsc#1183137, CVE-2021-28041) = Potentially-incompatible changes * ssh(1), sshd(8): this release changes the first-preference signature @@ -2288,7 +2293,9 @@ Tue Oct 9 11:01:40 UTC 2018 - Tomáš Chvátal * openssh-7.7p1-fips.patch * openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-kdf.patch - * openssh-7.7p1-fips_checks.patch + * openssh-7.7p1-fips_checks.patch . Close the right + filedescriptor to avoid fd leads, and also close fdh in + read_hmac (bsc#1209536). * openssh-7.7p1-seed-prng.patch * openssh-7.7p1-systemd-notify.patch * openssh-7.7p1-gssapi_key_exchange.patch