diff --git a/openssh-9.6p1-CVE-2023-48795.patch b/openssh-9.6p1-CVE-2023-48795.patch index 4f865fe..7f710db 100644 --- a/openssh-9.6p1-CVE-2023-48795.patch +++ b/openssh-9.6p1-CVE-2023-48795.patch @@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = compat_cipher_proposal(ssh, options.ciphers); +@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh) + if (gss && orig) + xasprintf(&newstr, "%s,%s", gss, orig); + else if (gss) +- newstr = gss; ++ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com"); + else if (orig) + newstr = orig; + @@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh) #endif free(prop_kex); diff --git a/openssh.spec b/openssh.spec index d059fc0..faf8208 100644 --- a/openssh.spec +++ b/openssh.spec @@ -798,6 +798,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Fri Jan 05 2024 Dmitry Belyavskiy - 8.7p1-37 +- Fix Terrapin attack + Resolves: CVE-2023-48795 + * Wed Dec 20 2023 Dmitry Belyavskiy - 8.7p1-36 - Fix Terrapin attack Resolves: CVE-2023-48795