openssh-8.7p1-34.3.el9_3.security.0.2

docs/news.md

@@ -2,6 +2,10 @@
 
 These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
 
+## March 11, 2024
+
+[openssh](packages/openssh.md) rebased on upstream EL 8.7p1-34.3 with fixes for CVE-2023-48795 (Terrapin attack) and CVE-2023-51385, now building it without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines, down from 28 lines in upstream EL).
+
 ## February 28, 2024
 
 [lkrg](packages/lkrg.md) updated to version 0.9.8, which adds a remote kernel message logging capability.

docs/packages/openssh.md

@@ -2,16 +2,21 @@
 
 ## EL9
 
-- Version `8.7p1-34.el9_3.security.0.1`
-- Based on `8.7p1-34.el9`
+- Version `8.7p1-34.3.el9_3.security.0.2`
+- Based on `8.7p1-34.el9_3.3`
 
 ### Changes summary
 
 - Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines)
+- Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines)
 
 ### Change log
 
 ```
+* Mon Mar 11 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.2
+- Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3
+- Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines)
+
 * Wed Nov 22 2023 Solar Designer <solar@openwall.com> 8.7p1-34.el9_3.security.0.1
 - Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34