From 32b0012fe4abb9e717ea9b8e28001c438b062cd9 Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Mon, 11 Mar 2024 19:12:15 +0100 Subject: [PATCH] openssh-8.7p1-34.3.el9_3.security.0.2 --- docs/news.md | 4 ++++ docs/packages/openssh.md | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/news.md b/docs/news.md index ad9b455..c5350bc 100644 --- a/docs/news.md +++ b/docs/news.md @@ -2,6 +2,10 @@ These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits. +## March 11, 2024 + +[openssh](packages/openssh.md) rebased on upstream EL 8.7p1-34.3 with fixes for CVE-2023-48795 (Terrapin attack) and CVE-2023-51385, now building it without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines, down from 28 lines in upstream EL). + ## February 28, 2024 [lkrg](packages/lkrg.md) updated to version 0.9.8, which adds a remote kernel message logging capability. diff --git a/docs/packages/openssh.md b/docs/packages/openssh.md index 1590e80..6a6a22b 100644 --- a/docs/packages/openssh.md +++ b/docs/packages/openssh.md @@ -2,16 +2,21 @@ ## EL9 -- Version `8.7p1-34.el9_3.security.0.1` -- Based on `8.7p1-34.el9` +- Version `8.7p1-34.3.el9_3.security.0.2` +- Based on `8.7p1-34.el9_3.3` ### Changes summary - Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines) +- Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines) ### Change log ``` +* Mon Mar 11 2024 Solar Designer 8.7p1-34.3.el9_3.security.0.2 +- Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3 +- Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines) + * Wed Nov 22 2023 Solar Designer 8.7p1-34.el9_3.security.0.1 - Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34