From 767ce13c06b428e3f21255fc2ab82de1fc79ed93 Mon Sep 17 00:00:00 2001
From: Pierre Riteau
Date: Fri, 5 Jul 2024 14:15:34 +0200
Subject: [PATCH] Restrict security-common to OpenSSH packages

The other updated packages (glibc and microcode_ctl) need more testing.
---
 etc/kayobe/dnf.yml | 1 +
 .../notes/security-common-openssh-6fbd5a1e95fd66ae.yaml | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 releasenotes/notes/security-common-openssh-6fbd5a1e95fd66ae.yaml

diff --git a/etc/kayobe/dnf.yml b/etc/kayobe/dnf.yml
index effe18856..e7dcf1c65 100644
--- a/etc/kayobe/dnf.yml
+++ b/etc/kayobe/dnf.yml
@@ -122,6 +122,7 @@ dnf_custom_repos_rocky_9:
 file: Rocky-SIG-Security-Common
 gpgkey: "{{ rocky_9_sig_security_gpg_key }}"
 gpgcheck: yes
+ includepkgs: "openssh*"
 username: "{{ stackhpc_repo_mirror_username | default(omit, true) }}"
 password: "{{ stackhpc_repo_mirror_password | default(omit, true) }}"

diff --git a/releasenotes/notes/security-common-openssh-6fbd5a1e95fd66ae.yaml b/releasenotes/notes/security-common-openssh-6fbd5a1e95fd66ae.yaml
new file mode 100644
index 000000000..7c2892c80
--- /dev/null
+++ b/releasenotes/notes/security-common-openssh-6fbd5a1e95fd66ae.yaml
@@ -0,0 +1,6 @@
+---
+security:
+ - |
+ Enables the Rocky Linux 9 SIG Security Common repository, which provides
+ updated OpenSSH packages addressing CVE-2024-6387 (regreSSHion). Other
+ packages available in this repository are currently ignored.
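Review bot: The added `includepkgs: "openssh*"` line in the Rocky-SIG-Security-Common entry of etc/kayobe/dnf.yml has no comment, so the reason for the filter lives only in the commit message and the release note. I would put `# Only OpenSSH (CVE-2024-6387) is taken from this repo; glibc and microcode_ctl need more testing.` directly above it, so a later reader knows the restriction is deliberate and when it can be lifted. It is also worth confirming that whatever consumes `dnf_custom_repos_rocky_9` passes `includepkgs` through to the generated repository definition, which this hunk does not show. If the key were silently dropped, the untested glibc and microcode_ctl builds would still be offered on update. The repository entry begins above the hunk, so its name and `baseurl` are not visible here.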