[ol7_u8_security_validation] pam_ssh_agent_auth-10:0.10.3-2.23.0.3.el7_9_fips.x86_64

Name:	pam_ssh_agent_auth
Epoch:	10
Version:	0.10.3
Release:	2.23.0.3.el7_9_fips
Architecture:	x86_64
Group:	System Environment/Base
Size:	392076
License:	BSD
RPM:	pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9_fips.x86_64.rpm
Source RPM:	openssh-7.4p1-23.0.3.el7_9_fips.src.rpm
Build Date:	Tue Mar 19 2024
Build Host:	build-ol7-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.openssh.com/portable.html
Summary:	PAM module for authentication with ssh-agent
Description:	This package contains a PAM module which can be used to authenticate users using ssh keys stored in a ssh-agent. Through the use of the forwarding of ssh-agent connection it also allows to authenticate with remote ssh-agent instance. The module is most useful for su and sudo service stacks.

Changelog (Show File list) (Show related packages)

Mon Feb 12 2024 Kaylin Devchand <kaylin.devchand@oracle.com> - 7.4p1-23.0.3_fips

- Change Epoch from 1 to 10
- Enable fips KDF POST [Orabug: 32461750]
- Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739]

Wed Feb 07 2024 Kaylin Devchand <kaylin.devchand@oracle.com> - 7.4p1-23.0.3

- add KEX_INITIAL flag [Orabug: 36160445] 
- implement "strict key exchange" [CVE-2023-48795][Orabug: 36160445]

Tue Aug 01 2023 Codrin Pruteanu <codrin.pruteanu@oracle.com> - 7.4p1-23.0.1

- enlarge format buffer size for certificate serial
  number so the log message can record any 64-bit integer without
  truncation (openssh bz#3012) [Orabug: 30448895]

Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 7.4p1-23 + 0.10.3-2

- Avoid remote code execution in ssh-agent PKCS#11 support
  Resolves: CVE-2023-38408

Thu Sep 30 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 7.4p1-22 + 0.10.3-2

- avoid segfault in Kerberos cache cleanup (#1999263)
- fix CVE-2021-41617 (#2008884)

Tue Jun 25 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-21 + 0.10.3-2

- Avoid double comma in the default cipher list in FIPS mode (#1722446)

Tue May 21 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-20 + 0.10.3-2
```
- Revert the updating of cached passwd structure (#1712053)
```
Mon Mar 04 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-19 + 0.10.3-2
```
- Update cached passwd structure after PAM authentication (#1674541)
```

Wed Feb 13 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-18 + 0.10.3-2

- invalidate supplemental group cache used by temporarily_use_uid()
  when the target uid differs (#1583735)

Mon Jan 14 2019 Jakub Jelen <jjelen@redhat.com> - 7.4p1-17 + 0.10.3-2

- Fix for CVE-2018-15473 (#1619079)
- Enable GCM mode for AES ciphers in FIPS mode (#1600869)