[ol7_u8_security_validation] openssh-10:7.4p1-22.0.1.el7_9_fips.aarch64

Name:	openssh
Epoch:	10
Version:	7.4p1
Release:	22.0.1.el7_9_fips
Architecture:	aarch64
Group:	Applications/Internet
Size:	2097924
License:	BSD
RPM:	openssh-7.4p1-22.0.1.el7_9_fips.aarch64.rpm
Source RPM:	openssh-7.4p1-22.0.1.el7_9_fips.src.rpm
Build Date:	Mon Dec 06 2021
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssh.com/portable.html
Summary:	An open source implementation of SSH protocol versions 1 and 2
Description:	SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both.

Changelog (Show File list) (Show related packages)

Mon Dec 06 2021 John Mcwalters <john.mcwalters@oracle.com> - 7.4p1-22.0.1_fips

- Change Epoch from 1 to 10
- Enable fips KDF POST [Orabug: 32461750]
- Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739]

Tue Nov 23 2021 Alan Steinberg <alan.steinberg@oracle.com> - 7.4p1-22.0.1

- enlarge format buffer size for certificate serial
  number so the log message can record any 64-bit integer without
  truncation (openssh bz#3012) [Orabug: 30448895]

Thu Sep 30 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 7.4p1-22 + 0.10.3-2

- avoid segfault in Kerberos cache cleanup (#1999263)
- fix CVE-2021-41617 (#2008884)

Tue Jun 25 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-21 + 0.10.3-2

- Avoid double comma in the default cipher list in FIPS mode (#1722446)

Tue May 21 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-20 + 0.10.3-2
```
- Revert the updating of cached passwd structure (#1712053)
```
Mon Mar 04 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-19 + 0.10.3-2
```
- Update cached passwd structure after PAM authentication (#1674541)
```

Wed Feb 13 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-18 + 0.10.3-2

- invalidate supplemental group cache used by temporarily_use_uid()
  when the target uid differs (#1583735)

Mon Jan 14 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-17 + 0.10.3-2

- Fix for CVE-2018-15473 (#1619079)
- Enable GCM mode for AES ciphers in FIPS mode (#1600869)

Fri Nov 24 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-16 + 0.10.3-2
```
- Fix for CVE-2017-15906 (#1517226)
```

Mon Nov 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-15 + 0.10.3-2

- Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467)
- Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268)
- Do not segfault in audit code during cleanup (#1488083)
- Add WinSCP 5.10+ compatibility (#1496808)
- Clatch between ClientAlive and rekeying timeouts (#1480510)
- Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853)
- Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1478035)