Bug 1373835
Summary: | Ciphers and MACs enabled by default differ from upstream OpenSSH 6.7 with security implications. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Svoboda <jsvoboda> |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED ERRATA | QA Contact: | Hubert Kario <hkario> |
Severity: | unspecified | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | unspecified | ||
Version: | 7.2 | CC: | ahecox, ajb, freshman, leonard-rh-bugzilla, mgrepl, nmavrogi, phil, szidek, toracat, vdanen |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openssh-7.4p1-1.el7 | Doc Type: | Deprecated Functionality |
Doc Text: |
OpenSSH upstream is removing several ciphers with questionable security from its releases. This update follows that trend while preserving most backward compatibility.
Since the last update, we removed the following from the server and client proposals:
* Hostkey algorithms: ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com (deprecated)
* Ciphers: arcfour256,arcfour128,arcfour,rijndael-cbc@lysator.liu.se (RC4 is broken; rijndael-cbc is a largely unused alias for AES)
* MACs: hmac-md5,hmac-md5-96,hmac-md5-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-ripemd160,hmac-ripemd160-etm@openssh.com,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-sha1-96-etm@openssh.com (MD5, truncated SHA-1, RIPEMD160)
Since the last update, we removed the following from the client proposal:
* Ciphers: blowfish-cbc,cast128-cbc,3des-cbc (in addition to the above); these are non-essential and possibly broken.
|
Last Closed: | 2017-08-01 18:42:47 UTC | Type: | Bug |
Bug Blocks: | 1335929, 1377248, 1417264 |
Description
Jakub Svoboda
2016-09-07 08:54:18 UTC
*** Bug 1417263 has been marked as a duplicate of this bug. ***

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2029
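
The check below is an added example, not part of the bug report or of OpenSSH: it scans configuration output in the `keyword value,value` form printed by `sshd -T` and `ssh -G` for the algorithms the Doc Text lists as removed from the default proposals. The function name `audit_algos`, the variable names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. The algorithm lists are copied from the Doc Text of this bug.
REMOVED_HOSTKEY='ssh-rsa-cert-v00@openssh.com ssh-dss-cert-v00@openssh.com'
REMOVED_CIPHERS='arcfour256 arcfour128 arcfour rijndael-cbc@lysator.liu.se'
REMOVED_CLIENT_CIPHERS='blowfish-cbc cast128-cbc 3des-cbc'  # client proposal only
REMOVED_MACS='hmac-md5 hmac-md5-96 hmac-md5-96-etm@openssh.com hmac-md5-etm@openssh.com'
REMOVED_MACS="$REMOVED_MACS hmac-ripemd160 hmac-ripemd160-etm@openssh.com hmac-ripemd160@openssh.com"
REMOVED_MACS="$REMOVED_MACS hmac-sha1-96 hmac-sha1-96-etm@openssh.com"

# audit_algos ROLE  (ROLE is "server" or "client"; hypothetical helper)
# Reads "keyword value,value,..." lines on stdin, prints "keyword: algorithm"
# for every removed algorithm that is still enabled, and returns 1 if any is.
# Typical input: sshd -T | audit_algos server   or   ssh -G host | audit_algos client
audit_algos() {
    ciphers=$REMOVED_CIPHERS
    if [ "$1" = client ]; then
        ciphers="$ciphers $REMOVED_CLIENT_CIPHERS"
    fi
    awk -v c="$ciphers" -v m="$REMOVED_MACS" -v h="$REMOVED_HOSTKEY" '
    function load(list, key,   n, a, i) {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) bad[key SUBSEP a[i]] = 1
    }
    BEGIN { load(c, "ciphers"); load(m, "macs"); load(h, "hostkeyalgorithms") }
    {
        key = tolower($1)
        n = split($2, algs, ",")
        for (i = 1; i <= n; i++)
            if ((key SUBSEP algs[i]) in bad) { print key ": " algs[i]; found = 1 }
    }
    END { exit found }'
}

# Constructed sample in sshd -T format (not taken from a real host).
SAMPLE_SSHD_T='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,arcfour256,3des-cbc
macs hmac-sha2-256,hmac-md5-96,hmac-sha1
hostkeyalgorithms ssh-ed25519,ssh-rsa'

# 3des-cbc is reported only for the client role, matching the Doc Text.
printf '%s\n' "$SAMPLE_SSHD_T" | audit_algos server ||
    echo "server: removed algorithms are still enabled"
printf '%s\n' "$SAMPLE_SSHD_T" | audit_algos client ||
    echo "client: removed algorithms are still enabled"
```

A non-empty result on a host running openssh-7.4p1-1.el7 or later means the algorithms were re-enabled explicitly in configuration rather than inherited from the defaults.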