search for: bz

...us release: * Fri Aug 19 2016 Sandro Bonazzola <sbonazzo at redhat.com> - ev-2.3.0-31.el7_2.21 - Removing RH branding from package name * Tue Aug 02 2016 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.3.0-31.el7_2.21 - kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1358997] - Resolves: bz#1358997 (CVE-2016-5126 qemu-kvm-rhev: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.2.z]) * Wed Jul 27 2016 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.3.0-31.el7_2.20 - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359731] -...

...l extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and wi...

...behaviour was documented, but was an unsafe default and an extra hassle for administrators. New features: * Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) * Linked sftp-server(8) into sshd(8). The internal sftp server is used when the command "internal-sftp" is specified in a Subsystem or ForceCommand declaration. When used with ChrootDirectory, the internal sftp server requires no special configuration of files...

...behaviour was documented, but was an unsafe default and an extra hassle for administrators. New features: * Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) * Linked sftp-server(8) into sshd(8). The internal sftp server is used when the command "internal-sftp" is specified in a Subsystem or ForceCommand declaration. When used with ChrootDirectory, the internal sftp server requires no special configuration of files...

...l extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and wi...

..."no-pty" -> "pty". This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future. * ssh(1): add ssh_config CertificateFile option to explicitly list certificates. bz#2436 * ssh-keygen(1): allow ssh-keygen to change the key comment for all supported formats. * ssh-keygen(1): allow fingerprinting from standard input, e.g. "ssh-keygen -lf -" * ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g. "ssh-keygen -lf ~/...

...hangelog since previous release: * Fri Jul 08 2016 Sandro Bonazzola <sbonazzo at redhat.com> - ev-2.3.0-31.el7_2.16.1 - Removing RH branding from package name * Thu Jun 16 2016 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.3.0-31.el7_2.16 - kvm-vga-add-sr_vbe-register-set.patch [bz#1347185] - Resolves: bz#1347185 (Regression from CVE-2016-3712: windows installer fails to start) * Mon Jun 06 2016 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.3.0-31.el7_2.15 - kvm-qcow2-Prevent-backing-file-names-longer-than-1023.patch [bz#1340045] - Resolves: bz#1340045 (Throw...

...hangeLog: * Thu Apr 20 2017 Sandro Bonazzola <sbonazzo at redhat.com> - ev-2.6.0-28.el7_3.9.1 - Removing RH branding from package name * Fri Mar 24 2017 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.6.0-28.el7_3.9 - kvm-block-gluster-memory-usage-use-one-glfs-instance-per.patch [bz#1413044] - kvm-gluster-Fix-use-after-free-in-glfs_clear_preopened.patch [bz#1413044] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1430061] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1430061] - kvm-cirrus-add-option-to-disable-blitter.patch [bz#1430061]...

...-safe comparison function for verifying unlock attempts. This problem was reported by Ryan Castellucci. New Features ------------ * ssh(1), sshd(8): promote chacha20-poly1305 at openssh.com to be the default cipher * sshd(8): support admin-specified arguments to AuthorizedKeysCommand; bz#2081 * sshd(8): add AuthorizedPrincipalsCommand that allows retrieving authorized principals information from a subprocess rather than a file. * ssh(1), ssh-add(1): support PKCS#11 devices with external PIN entry devices bz#2240 * sshd(8): allow GSSAPI host credential check to be rel...

...failure and some other fatal messages generated by the packet code. Changes since OpenSSH 7.4 ========================= This is a bugfix release. New Features ------------ * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from algorithm lists, e.g. Ciphers=-*cbc. bz#2671 Bugfixes -------- * ssh(1), sshd(8): Allow form-feed characters to appear in configuration files. * sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs extension, where SHA2 RSA signature methods were not being correctly advertised. bz#2680 * ssh(1), ssh-key...

...A key appeared in authorized_keys before the CA key. * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps. * sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108 * ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125 * ssh(1): reset the order in which public keys are tried after partial authentication success. * ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#21...

...form a path-traversal attack. creating or modifying files outside of the intended target directory. Reported by Jann Horn of Google Project Zero. New Features ------------ * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from algorithm lists, e.g. Ciphers=-*cbc. bz#2671 Bugfixes -------- * sshd(1): Fix NULL dereference crash when key exchange start messages are sent out of sequence. * ssh(1), sshd(8): Allow form-feed characters to appear in configuration files. * sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs extension...

...d by the remote SOCKS client. This mode is requested using extended syntax for the -R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported. * sshd(8): allow LogLevel directive in sshd_config Match blocks; bz#2717 * ssh-keygen(1): allow inclusion of arbitrary string or flag certificate extensions and critical options. * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explici...

...A key appeared in authorized_keys before the CA key. * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps. * sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108 * ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125 * ssh(1): reset the order in which public keys are tried after partial authentication success. * ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#21...

...A key appeared in authorized_keys before the CA key. * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps. * sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108 * ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125 * ssh(1): reset the order in which public keys are tried after partial authentication success. * ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#21...

...lag was added to ssh(1) to set GSSAPIAuthentication=Yes * Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. * ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. (bz #1261) * The following bugs have been fixed in this release: - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work (bz #616) - Make scp(1) skip FIFOs rather than hanging (bz #856) - Encode non-printing charac...

...lag was added to ssh(1) to set GSSAPIAuthentication=Yes * Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. * ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. (bz #1261) * The following bugs have been fixed in this release: - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work (bz #616) - Make scp(1) skip FIFOs rather than hanging (bz #856) - Encode non-printing charac...

...vm-ev, here's the ChangeLog: * Thu Mar 2 2017 Sandro Bonazzola <sbonazzo at redhat.com> - ev-2.6.0-28.el7_3.6.1 - Removing RH branding from package name * Mon Feb 13 2017 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.6.0-28.el7_3.6 - kvm-cirrus-fix-patterncopy-checks.patch [bz#1420493] - kvm-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch [bz#1420493] - kvm-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch [bz#1420493] - Resolves: bz#1420493 (EMBARGOED CVE-2017-2620 qemu-kvm-rhev: Qemu: display: cirrus: potential arbitrary code execution via cirrus_...

...e changelog: * Mon Dec 11 2017 Sandro Bonazzola <sbonazzo at redhat.com> - ev-2.9.0-16.el7_4.11.1 - Removing RH branding from package name * Mon Nov 13 2017 Miroslav Rezanina <mrezanin at redhat.com> - rhev-2.9.0-16.el7_4.11 - kvm-exec-use-qemu_ram_ptr_length-to-access-guest-ram.patch [bz#1472185] - kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501123] - Resolves: bz#1472185 (CVE-2017-11334 qemu-kvm-rhev: Qemu: exec: oob access during dma operation [rhel-7.4.z]) - Resolves: bz#1501123 (CVE-2017-14167 qemu-kvm-rhev: Qemu: i386: multiboot OOB access while loading k...

...tion throughput for SSH protocol 2 sessions when in verbose mode (previously these statistics were displayed for protocol 1 connections only). * sftp-server(8) now supports extension methods statvfs at openssh.com and fstatvfs at openssh.com that implement statvfs(2)-like operations. (bz#1399) * sftp(1) now has a "df" command to the sftp client that uses the statvfs at openssh.com to produce a df(1)-like display of filesystem space and inode utilisation (requires statvfs at openssh.com support on the server) * Added a MaxSessions option to sshd_config(5) to a...