Bug 1804797

Summary: Rebase libssh to the latest upstream version
Product: Red Hat Enterprise Linux 8 Reporter: Anderson Sasaki <ansasaki>
Component: libsshAssignee: Anderson Sasaki <ansasaki>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact: lmcgarry
Priority: medium    
Version: 8.2CC: lmanasko, omoris
Target Milestone: rcKeywords: Rebase, Triaged
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.The `libssh` library has been rebased to version 0.9.4 The `libssh` library, which implements the SSH protocol, has been upgraded to version 0.9.4. This update includes bug fixes and enhancements, including: * Added support for `Ed25519` keys in PEM files. * Added support for `diffie-hellman-group14-sha256` key exchange algorithm. * Added support for `localuser` in `Match` keyword in the `libssh` client configuration file. * `Match` criteria keyword arguments are now case-sensitive (note that keywords are case-insensitive, but keyword arguments are case-sensitive) * Fixed CVE-2019-14889 and CVE-2020-1730. * Added support for recursively creating missing directories found in the path string provided for the known hosts file. * Added support for `OpenSSH` keys in PEM files with comments and leading white spaces. * Removed the `OpenSSH` server configuration inclusion from the `libssh` server configuration.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 02:00:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 10 lmcgarry 2020-07-22 09:12:40 UTC 
Hi,
I have updated the doc text field for the release note.

There was a note in that field to say the following should also be documented so I added this to the list. Or is this covered by your note for the second bullet under bugfixes above?

* Arguments to the `localuser` keyword in the `libssh` configuration file are now case sensitive.

Can you confirm the text is ok?
Thanks
Comment 18 errata-xmlrpc 2020-11-04 02:00:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: libssh security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4545