ELSA-2019-3702

ULN >
Oracle Linux Errata repository >
ELSA-2019-3702

ELSA-2019-3702 - openssh security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2019-11-14

Description

[8.0p1-3 + 0.10.3-7]
- Fix typos in manual pages (#1668325)
- Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)
- Unbreak ssh-keygen -A in FIPS mode (#1732424)
- Add missing RSA certificate types to offered hostkey types in FIPS mode (#1732449)

[8.0p1-2 + 0.10.3-7]
- Allow specifying a pin-value in PKCS #11 URI in ssh-add (#1639698)
- Whitelist another syscall variant for s390x cryptographic module (ibmca engine) (#1714915)

[8.0p1-1 + 0.10.3-7]
- New upstream release (#1691045)
- Remove support for unused VendorPatchLevel configuration option
- Fix kerberos cleanup procedures (#1683295)
- Do not negotiate arbitrary primes with DH GEX in FIPS (#1685096)
- Several GSSAPI key exchange improvements and sync with Debian
- Allow to use labels in PKCS#11 URIs even if they do not match on private key (#1671262)
- Do not fall back to sshd_net_t SELinux context (#1678695)
- Use FIPS compliant high-level signature OpenSSL API and KDF
- Mention crypto-policies in manual pages
- Do not fail if non-FIPS approved algorithm is enabled in FIPS
- Generate the PEM files in new PKCS#8 format without the need of MD5 (#1712436)

Related CVEs

CVE-2019-6109

CVE-2019-6111

CVE-2018-20685

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	openssh-8.0p1-3.el8.src.rpm	21ef5d7782ec39c6ba4da4e95ba9a9706e9bba416283d27c418e188c118f65b0	-	ol8_aarch64_appstream
	openssh-8.0p1-3.el8.src.rpm	21ef5d7782ec39c6ba4da4e95ba9a9706e9bba416283d27c418e188c118f65b0	-	ol8_aarch64_baseos_latest
	openssh-8.0p1-3.el8.aarch64.rpm	b2937262fc6b2f0981d049dfe762bbcc58001a9d100cef0dabe81a906811b537	-	ol8_aarch64_baseos_latest
	openssh-askpass-8.0p1-3.el8.aarch64.rpm	43d9f328b8874ca7a39db8daf5ae09fb6d6c535c122f69e771bb4fe36071e84a	-	ol8_aarch64_appstream
	openssh-cavs-8.0p1-3.el8.aarch64.rpm	25fea81ea5489ec7d659aabc23556a77da968b058f48ccf6c09d1c7838173777	-	ol8_aarch64_baseos_latest
	openssh-clients-8.0p1-3.el8.aarch64.rpm	93b650f9340c6f78c7e722fbc66a55da09f2cc6f813ddaa78c427b3eba76f8aa	-	ol8_aarch64_baseos_latest
	openssh-keycat-8.0p1-3.el8.aarch64.rpm	1ab13baad9c054268e2b4e93038c96be57305eded5d6a938d8eea104ae225469	-	ol8_aarch64_baseos_latest
	openssh-ldap-8.0p1-3.el8.aarch64.rpm	f676e634aa804bcc8f15304d2380f552bdc3f19b88e3493ce65a04e480af0caf	-	ol8_aarch64_baseos_latest
	openssh-server-8.0p1-3.el8.aarch64.rpm	9cb00cc1afeb1d507166563daabcb9893e915d810d78c0e6376b4cefbac31b5a	-	ol8_aarch64_baseos_latest
	pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm	4dc682e40c028d94166535b3648d4e2a1f770c14edd5cc9e244122752fe1b753	-	ol8_aarch64_baseos_latest

Oracle Linux 8 (x86_64)	openssh-8.0p1-3.el8.src.rpm	21ef5d7782ec39c6ba4da4e95ba9a9706e9bba416283d27c418e188c118f65b0	-	ol8_x86_64_appstream
	openssh-8.0p1-3.el8.src.rpm	21ef5d7782ec39c6ba4da4e95ba9a9706e9bba416283d27c418e188c118f65b0	-	ol8_x86_64_baseos_latest
	openssh-8.0p1-3.el8.src.rpm	21ef5d7782ec39c6ba4da4e95ba9a9706e9bba416283d27c418e188c118f65b0	-	ol8_x86_64_u1_baseos_base
	openssh-8.0p1-3.el8.x86_64.rpm	48da0eaefa998f2b3921a406614202a98c037bfb57c7cedacb7ec8ceef5285d4	-	ol8_x86_64_baseos_latest
	openssh-8.0p1-3.el8.x86_64.rpm	48da0eaefa998f2b3921a406614202a98c037bfb57c7cedacb7ec8ceef5285d4	-	ol8_x86_64_u1_baseos_base
	openssh-askpass-8.0p1-3.el8.x86_64.rpm	aa6910b916d8e492f1ca8a4940a7e1023f614ec5c150a0ca2ddfbd66f329dc95	-	ol8_x86_64_appstream
	openssh-cavs-8.0p1-3.el8.x86_64.rpm	b422333fc8bf356582a5bf9d1aed3a6fc37fa000dc0ed3c316cc4bee8c4e14c5	-	ol8_x86_64_baseos_latest
	openssh-cavs-8.0p1-3.el8.x86_64.rpm	b422333fc8bf356582a5bf9d1aed3a6fc37fa000dc0ed3c316cc4bee8c4e14c5	-	ol8_x86_64_u1_baseos_base
	openssh-clients-8.0p1-3.el8.x86_64.rpm	29feb6edc258ec3a8334f7977881bf609c74b0882b8b6402ed3d176da05c6040	-	ol8_x86_64_baseos_latest
	openssh-clients-8.0p1-3.el8.x86_64.rpm	29feb6edc258ec3a8334f7977881bf609c74b0882b8b6402ed3d176da05c6040	-	ol8_x86_64_u1_baseos_base
	openssh-keycat-8.0p1-3.el8.x86_64.rpm	03f14db1f6b533a8aef109fd14f77dcfb57ddfebd09c78aba4d5a7a5ff1e4572	-	ol8_x86_64_baseos_latest
	openssh-keycat-8.0p1-3.el8.x86_64.rpm	03f14db1f6b533a8aef109fd14f77dcfb57ddfebd09c78aba4d5a7a5ff1e4572	-	ol8_x86_64_u1_baseos_base
	openssh-ldap-8.0p1-3.el8.x86_64.rpm	729fb69bef1d5517482b1e1140ec15c728bf0bc37a3a91fb627b0319e4029a63	-	ol8_x86_64_baseos_latest
	openssh-ldap-8.0p1-3.el8.x86_64.rpm	729fb69bef1d5517482b1e1140ec15c728bf0bc37a3a91fb627b0319e4029a63	-	ol8_x86_64_u1_baseos_base
	openssh-server-8.0p1-3.el8.x86_64.rpm	a6709746d1cbde870e82465fe5e5b5abf6ae30ed7cf33465e7bd5ba7962577f4	-	ol8_x86_64_baseos_latest
	openssh-server-8.0p1-3.el8.x86_64.rpm	a6709746d1cbde870e82465fe5e5b5abf6ae30ed7cf33465e7bd5ba7962577f4	-	ol8_x86_64_u1_baseos_base
	pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm	5b8be332168f1e3931fe722895e3fb14d2177289aae30df76562635bb03663fb	-	ol8_x86_64_baseos_latest
	pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm	5b8be332168f1e3931fe722895e3fb14d2177289aae30df76562635bb03663fb	-	ol8_x86_64_u1_baseos_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691