[ol7_u8_security_validation] openssh-10:7.4p1-23.0.1.el7_9_fips.aarch64

Name:	openssh
Epoch:	10
Version:	7.4p1
Release:	23.0.1.el7_9_fips
Architecture:	aarch64
Group:	Applications/Internet
Size:	2097900
License:	BSD
RPM:	openssh-7.4p1-23.0.1.el7_9_fips.aarch64.rpm
Source RPM:	openssh-7.4p1-23.0.1.el7_9_fips.src.rpm
Build Date:	Wed Aug 02 2023
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssh.com/portable.html
Summary:	An open source implementation of SSH protocol versions 1 and 2
Description:	SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.

Changelog (Show File list) (Show related packages)

Wed Aug 02 2023 John Mcwalters <john.mcwalters@oracle.com> - 7.4p1-23.0.1_fips

- Change Epoch from 1 to 10
- Enable fips KDF POST [Orabug: 32461750]
- Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739]

Tue Aug 01 2023 Codrin Pruteanu <codrin.pruteanu@oracle.com> - 7.4p1-23.0.1

- enlarge format buffer size for certificate serial
  number so the log message can record any 64-bit integer without
  truncation (openssh bz#3012) [Orabug: 30448895]

Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 7.4p1-23 + 0.10.3-2

- Avoid remote code execution in ssh-agent PKCS#11 support
  Resolves: CVE-2023-38408

Thu Sep 30 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 7.4p1-22 + 0.10.3-2

- avoid segfault in Kerberos cache cleanup (#1999263)
- fix CVE-2021-41617 (#2008884)

Tue Jun 25 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-21 + 0.10.3-2

- Avoid double comma in the default cipher list in FIPS mode (#1722446)

Tue May 21 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-20 + 0.10.3-2
```
- Revert the updating of cached passwd structure (#1712053)
```
Mon Mar 04 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-19 + 0.10.3-2
```
- Update cached passwd structure after PAM authentication (#1674541)
```

Wed Feb 13 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-18 + 0.10.3-2

- invalidate supplemental group cache used by temporarily_use_uid()
  when the target uid differs (#1583735)

Mon Jan 14 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-17 + 0.10.3-2

- Fix for CVE-2018-15473 (#1619079)
- Enable GCM mode for AES ciphers in FIPS mode (#1600869)

Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
```
- Fix for CVE-2017-15906 (#1517226)
```