ELSA-2013-1591

Published: 26 Nov 2013
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2013-1591: openssh security, bug fix, and enhancement update (LOW)

[5.3p1-94]

  • use dracut-fips package to determine if a FIPS module is installed (#1001565)

[5.3p1-93]

  • use dist tag in suffixes for hmac checksum files (#1001565)

[5.3p1-92]

  • use hmac_suffix for ssh{,d} hmac checksums (#1001565)

[5.3p1-91]

  • fix NSS keys support (#1004763)

[5.3p1-90]

  • change default value of MaxStartups - CVE-2010-5107 - #908707
  • add -fips subpackages that contain the FIPS module files (#1001565)

[5.3p1-89]

  • don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835)

[5.3p1-88]

  • do ssh_gssapi_krb5_storecreds() twice - before and after pam session (#974096)

[5.3p1-87]

  • bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577)
  • fixed an issue with broken 'ssh -I pkcs11' (#908038)
  • abort non-subsystem sessions to forced internal sftp-server (#993509)
  • reverted 'store krb5 credentials after a pam session is created (#974096)'

[5.3p1-86]

  • Add support for certificate key types for users and hosts (#906872)
  • Apply RFC3454 stringprep to banners when possible (#955792)

[5.3p1-85]

  • fix chroot logging issue (#872169)
  • change the bad key permissions error message (#880575)
  • fix a race condition in ssh-agent (#896561)
  • backport support for PKCS11 from openssh-5.4p1 (#908038)
  • add a KexAlgorithms knob to the client and server configuration (#951704)
  • fix parsing logic of ldap.conf file (#954094)
  • Add HMAC-SHA2 algorithm support (#969565)
  • store krb5 credentials after a pam session is created (#974096)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • openssh: 5.3p1-94.el6
  • openssh-askpass: 5.3p1-94.el6
  • openssh-clients: 5.3p1-94.el6
  • openssh-ldap: 5.3p1-94.el6
  • openssh-server: 5.3p1-94.el6
  • pam_ssh_agent_auth: 0.9.3-94.el6

Oracle Linux i686

  • openssh: 5.3p1-94.el6
  • openssh-askpass: 5.3p1-94.el6
  • openssh-clients: 5.3p1-94.el6
  • openssh-ldap: 5.3p1-94.el6
  • openssh-server: 5.3p1-94.el6
  • pam_ssh_agent_auth: 0.9.3-94.el6

Related CVEs

Related vulnerabilities

ubuntu
more than 12 years ago

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

redhat
more than 12 years ago

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

nvd
more than 12 years ago

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

debian
more than 12 years ago

The default configuration of OpenSSH through 6.1 enforces a fixed time ...

github
about 3 years ago

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.