<patchinfo incident="21">
<!-- generated from request(s) 361914 -->
<issue tracker="bnc" id="1227456">install with Common Criteria role gives error after packages install step</issue>
<issue tracker="bnc" id="1229010">MFA message w/out prompt fails to display via ssh</issue>
<issue tracker="bnc" id="1229072">[SELinux] mls policy: check if we need the ssh-keycat patch</issue>
<issue tracker="bnc" id="1229449">ssh x11 forwarding unusably slow</issue>
<issue tracker="bnc" id="1236826">L3: SSH client segfaults in ssh_kex2() &#8212; ref:_00D1igLOd._500TrSpsZM:ref</issue>
<issue tracker="bnc" id="1237040">VUL-0: CVE-2025-26465: openssh,openssh8.4: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client</issue>
<issue tracker="bnc" id="1237041">VUL-0: CVE-2025-26466: openssh,openssh8.4: DoS attack against OpenSSH's client and server</issue>
<issue tracker="cve" id="2025-26465"/>
<issue tracker="cve" id="2025-26466"/>
<packager>alarrosa</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for openssh</summary>
<description>This update for openssh fixes the following issues:
Security issues fixed:
- CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040)
- CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041)
Other issues fixed:
- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2
due to gssapi proposal not being correctly initialized
(bsc#1236826).
- Add a patch to fix a regression introduced in 9.6 that makes X11
forwarding very slow. (bsc#1229449)
- Fixed the RFC4256 implementation so that the keyboard-interactive
authentication method can send instructions and sshd shows them to
users even before a prompt is requested. This fixes MFA push
notifications (bsc#1229010).
- Fix a dbus connection leak in the logind patch, which was
missing a sd_bus_unref call.
- Add a patch that fixes a small memory leak when parsing the
subsystem configuration option:
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)
</description>
<package>openssh</package>
<package>openssh:openssh-askpass-gnome</package>
<seperate_build_arch/>
</patchinfo>