security/wiki
8
0
Fork 1
generated from sig_core/wiki-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10816e23f7
wiki/docs/packages/openssh.md
Solar Designer 10816e23f7 openssh 8.7p1-38.1.el9_4.security.0.7
2024-07-08 20:44:12 +02:00

50 lines
2.0 KiB
Markdown
Raw Blame History

# Override package: openssh
## EL9
- Version `8.7p1-38.1.el9_4.security.0.7`
- Based on `8.7p1-38.el9_4.1`
### Changes summary
- Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines)
- Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines)
- Fix [CVE-2024-6409](../issues/CVE-2024-6409.md)
### Change log
```
* Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.7
- Fix CVE-2024-6409
* Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.6
- Rebase on 8.7p1-38.1
* Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
- Fix CVE-2024-6387 regreSSHion
* Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
- Rebase on 8.7p1-38
* Sat Mar 16 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.3
- Comment out GSSAPI* lines in /etc/ssh/ssh*_config.d/50-redhat.conf and patch
the code to silently ignore GSSAPIKexAlgorithms when unsupported (like it is
in our new without-Kerberos build)
* Mon Mar 11 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.2
- Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3
- Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines)
* Wed Nov 22 2023 Solar Designer <solar@openwall.com> 8.7p1-34.el9_3.security.0.1
- Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34
* Sat Oct 07 2023 Solar Designer <solar@openwall.com> 8.7p1-30.el9.security.0.2
- Load libsystemd.so.0, not libsystemd.so, as the latter is only provided by
systemd-devel
* Mon Aug 28 2023 Solar Designer <solar@openwall.com> 8.7p1-30.el9.security.0.1
- Instead of linking against libsystemd, load it dynamically in a temporary
child process to avoid polluting actual sshd's address space with that
library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines)
```
Reference in New Issue View Git Blame Copy Permalink