Fedora 28: openssh Security Update

    Date21 Jan 2019
    CategoryFedora
    437
    Posted ByAnthony Pell
    This update fixes CVE-2018-20685 (the first "variant").
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-9eb0ae6296
    2019-01-22 01:34:24.985490
    --------------------------------------------------------------------------------
    
    Name        : openssh
    Product     : Fedora 28
    Version     : 7.8p1
    Release     : 4.fc28
    URL         : http://www.openssh.com/portable.html
    Summary     : An open source implementation of SSH protocol version 2
    Description :
    SSH (Secure SHell) is a program for logging into and executing
    commands on a remote machine. SSH is intended to replace rlogin and
    rsh, and to provide secure encrypted communications between two
    untrusted hosts over an insecure network. X11 connections and
    arbitrary TCP/IP ports can also be forwarded over the secure channel.
    
    OpenSSH is OpenBSD's version of the last free version of SSH, bringing
    it up to date in terms of security and features.
    
    This package includes the core files necessary for both the OpenSSH
    client and server. To make this package useful, you should also
    install openssh-clients, openssh-server, or both.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update fixes CVE-2018-20685 (the first "variant").
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Mon Jan 14 2019 Jakub Jelen  - 7.8p1-4 + 0.10.3-5
    - Fix for CVE-2018-20685 (#1665786)
    * Mon Sep 24 2018 Jakub Jelen  - 7.8p1-3 + 0.10.3-5
    - Disable OpenSSH hardening flags and use the ones provided by system
    - Ignore unknown parts of PKCS#11 URI
    - Do not fail with GSSAPI enabled in match blocks (#1580017)
    - Fix the segfaulting cavs test (#1628962)
    * Fri Aug 31 2018 Jakub Jelen  - 7.8p1-2 + 0.10.3-5
    - New upstream release fixing CVE 2018-15473
    - Remove unused patches
    - Remove reference to unused enviornment variable SSH_USE_STRONG_RNG
    - Address coverity issues
    - Unbreak scp between two IPv6 hosts
    - Unbreak GSSAPI key exchange (#1624344)
    - Unbreak rekeying with GSSAPI key exchange (#1624344)
    * Thu Aug  9 2018 Jakub Jelen  - 7.7p1-6 + 0.10.3-4
    - Fix listing of kex algoritms in FIPS mode
    - Allow aes-gcm cipher modes in FIPS mode
    - Coverity fixes
    * Fri Jul 13 2018 Fedora Release Engineering  - 7.7p1-5.1
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
    * Tue Jul  3 2018 Jakub Jelen  - 7.7p1-5 + 0.10.3-4
    - Disable manual printing of motd by default (#1591381)
    * Wed Jun 27 2018 Jakub Jelen  - 7.7p1-4 + 0.10.3-4
    - Better handling of kerberos tickets storage (#1566494)
    - Add pam_motd to pam stack (#1591381)
    * Mon Apr 16 2018 Jakub Jelen  - 7.7p1-3 + 0.10.3-4
    - Fix tun devices and other issues fixed after release upstream (#1567775)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1665785
            https://bugzilla.redhat.com/show_bug.cgi?id=1665785
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-9eb0ae6296' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":56.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":30.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.