5 Comments

Wow, thanks for the detailed analysis and the recommendation! Definitely an oversight from my side (thought -f was enough), will follow up with a fix...

BZ#2294904 CVE-2024-6387 openssh: Possible remote code execution due to a race condition in signal handling [fedora-40]

This is built from the wrong branch (rawhide instead of eln), please untag! The package is very, very different between the branches, and this update, if it works at all, lowers the security of the system.

Possibly with openssh ELN build depending on non-existent-in-ELN-yet version of crypto-policies.

Test from https://fedoraproject.org/wiki/QA:Testcase_OpenSSH passes

RequiredRSASize works, as either RequiredRSASize or RSAMinSize, in config or on cmdline.

Works, fixes RSA-PSS.