Accepting request 1165554 from home:alarrosa:branches:network

- Add missing bugzilla/CVE references to the changelog

OBS-URL: https://build.opensuse.org/request/show/1165554
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=260
Antonio Larrosa 2024-04-05 11:11:29 +00:00 committed by Git OBS Bridge
parent b0b10ece31
commit 2f5a8dd315

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Apr 5 11:10:18 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Add missing bugzilla/CVE references to the changelog
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> Thu Apr 4 12:23:13 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
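Review bot: the new top entry ("Add missing bugzilla/CVE references to the changelog") does not name the references it adds or the entries they went into. Listing them there (bsc#1213504/CVE-2023-38408, bsc#1190975/CVE-2021-41617, bsc#1183137/CVE-2021-28041, bsc#1209536) would let someone reading the changelog map a CVE to this change without diffing the file.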
@ -297,14 +302,14 @@ Wed Sep 27 06:28:57 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 21 02:48:58 UTC 2023 - Simon Lees <sflees@suse.de> Fri Jul 21 02:48:58 UTC 2023 - Simon Lees <sflees@suse.de>
- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): - Update to openssh 9.3p2:
Security Security
======== ========
Fix CVE-2023-38408 - a condition where specific libaries loaded via Fix a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
code execution via a forwarded agent socket if the following code execution via a forwarded agent socket if the following
conditions are met: conditions are met (bsc#1213504, CVE-2023-38408):
* Exploitation requires the presence of specific libraries on * Exploitation requires the presence of specific libraries on
the victim system. the victim system.
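Review bot: in the 9.3p2 entry the reference ends up on "conditions are met (bsc#1213504, CVE-2023-38408):", between the lead-in clause and the list it introduces, and the CVE id no longer appears on the "Update to openssh 9.3p2" line or in the "Fix ..." sentence. Putting the reference at the end of the sentence that describes the flaw, or keeping it on the update line, would read more naturally and keep the id next to the version. The rewritten "Fix a condition where specific libaries" line also still carries the "libaries" typo; since the line is being touched anyway, "libraries" could be fixed here.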
@ -1060,7 +1065,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
Depending on system configuration, inherited groups may allow Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege. gain unintended privilege (bsc#1190975, CVE-2021-41617).
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5). enabled by default in sshd_config(5).
@ -1259,7 +1264,7 @@ Tue Sep 28 17:50:57 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
* ssh-agent(1): fixed a double-free memory corruption that was * ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker potentially exploitable. This bug could be reached by an attacker
with access to the agent socket. with access to the agent socket (bsc#1183137, CVE-2021-28041)
= Potentially-incompatible changes = Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature * ssh(1), sshd(8): this release changes the first-preference signature
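Review bot: the added "(bsc#1183137, CVE-2021-28041)" replaces the sentence's closing period, so the line now ends without punctuation. The CVE-2021-41617 hunk above keeps the period after the parenthesis; doing the same here ("... the agent socket (bsc#1183137, CVE-2021-28041).") keeps the two consistent.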
@ -2288,7 +2293,9 @@ Tue Oct 9 11:01:40 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
* openssh-7.7p1-fips.patch * openssh-7.7p1-fips.patch
* openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch * openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-fips_checks.patch * openssh-7.7p1-fips_checks.patch . Close the right
filedescriptor to avoid fd leads, and also close fdh in
read_hmac (bsc#1209536).
* openssh-7.7p1-seed-prng.patch * openssh-7.7p1-seed-prng.patch
* openssh-7.7p1-systemd-notify.patch * openssh-7.7p1-systemd-notify.patch
* openssh-7.7p1-gssapi_key_exchange.patch * openssh-7.7p1-gssapi_key_exchange.patch
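Review bot: the text added after openssh-7.7p1-fips_checks.patch has wording problems: "fd leads" reads like a typo for "fd leaks", "filedescriptor" should be "file descriptor", and there is a stray space before the period in "fips_checks.patch . Close". The hunk header also places this in the Tue Oct 9 2018 entry, inside a plain list of patch names, so a description of a later fix (bsc#1209536) is being attached to a historic entry; if that is intentional, a short note saying so would help, otherwise the reference belongs in the entry that actually changed the patch.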