RHSA-2005:550-01 Low: openssh security update
Posted on: 09/28/2005 11:42 AM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: openssh security update
Advisory ID: RHSA-2005:550-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-550.html
Issue date: 2005-09-28
Updated on: 2005-09-28
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-2069
- ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix a potential security vulnerability and
various other bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
includes the core files necessary for both the OpenSSH client and server.

A bug was found in the way the OpenSSH server handled the MaxStartups and
LoginGraceTime configuration variables. A malicious user could connect to
the SSH daemon in such a way that it would prevent additional logins from
occuring until the malicious connections are closed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2069 to this issue.

Additionally, the following issues are resolved with this update:

- - The -q option of the ssh client did not suppress the banner message sent
by the server, which caused errors when used in scripts.

- - The sshd daemon failed to close the client connection if multiple X
clients were forwarded over the connection and the client session exited.

- - The sftp client leaked memory if used for extended periods.

- - The sshd daemon called the PAM functions incorrectly if the user was
unknown on the system.

All users of openssh should upgrade to these updated packages, which
contain backported patches and resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

129289 - [PATCH] SSH -q flag does not suppress banner text
151080 - sftp over a persistent connection (days/weeks) develops a memory leak.
156996 - CAN-2004-2069 openssh DoS issue


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm

ppc:
3e29708efad159fa8cc254662b6ff505 openssh-3.6.1p2-33.30.6.ppc.rpm
5c6363576c83399dfa948aa45d8f185e openssh-askpass-3.6.1p2-33.30.6.ppc.rpm
bea38750538bd370e65406b5b1eabf33 openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm
fc65f08b4c2e6ede36e0f7762140aa5c openssh-clients-3.6.1p2-33.30.6.ppc.rpm
ddb0d4bbf471f2c9a60ac8d928a1733e openssh-server-3.6.1p2-33.30.6.ppc.rpm

s390:
a09e96711d0f9e6527193eb3a3660ce1 openssh-3.6.1p2-33.30.6.s390.rpm
8fde7e1acc7593ba0048836f88c9548f openssh-askpass-3.6.1p2-33.30.6.s390.rpm
35e1caa39539fbdd1bd38f17ad66103d openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm
c6f91623373358c892fcb36c7785d1c6 openssh-clients-3.6.1p2-33.30.6.s390.rpm
d13ba0dee80f74ac42eb2594fb1582cd openssh-server-3.6.1p2-33.30.6.s390.rpm

s390x:
c953f6bebbffc2c5e888a4b59c4cee7a openssh-3.6.1p2-33.30.6.s390x.rpm
3938bf4cb26335f471f494fd455427a0 openssh-askpass-3.6.1p2-33.30.6.s390x.rpm
06561eab8bd1a67fec7747c9b4ace426 openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm
42df2d392e3741527b820edb6e7fe8c0 openssh-clients-3.6.1p2-33.30.6.s390x.rpm
2bc0b74d772c4fea91ba835b23e86fae openssh-server-3.6.1p2-33.30.6.s390x.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssh-3.6.1p2-33.30.6.src.rpm
f514321c6f738324ef5aa4df64a6e1c2 openssh-3.6.1p2-33.30.6.src.rpm

i386:
52e87b68f36f459088903be25e4dc9fd openssh-3.6.1p2-33.30.6.i386.rpm
4352bdb2f2c165818bb72723840bc96e openssh-askpass-3.6.1p2-33.30.6.i386.rpm
bccb045b7834a86051d4be555034f048 openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm
4cda57abc7d85f321900d568a95c5480 openssh-clients-3.6.1p2-33.30.6.i386.rpm
b807bb89e975f7c6afe6f8270d1d5357 openssh-server-3.6.1p2-33.30.6.i386.rpm

ia64:
26481121cb896b726c8e891b801ef3d6 openssh-3.6.1p2-33.30.6.ia64.rpm
2f8aa489e8d9744cbafcd45730794395 openssh-askpass-3.6.1p2-33.30.6.ia64.rpm
fbdd53c3bf2288409aa0687f3717ea5b openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm
d60c195299c8e07e4c5e100f18e2145b openssh-clients-3.6.1p2-33.30.6.ia64.rpm
a0b7c2e40c942f7996003b3d33dc7094 openssh-server-3.6.1p2-33.30.6.ia64.rpm

x86_64:
2778b91c7cb7735c4b60fac710a4e602 openssh-3.6.1p2-33.30.6.x86_64.rpm
ed944f1bdecb361ee6cf8e9429ccbc52 openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm
252f1926456af7e2749fa34eafd91cec openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm
9d788669ff55c53e49e35e1f0919c0ce openssh-clients-3.6.1p2-33.30.6.x86_64.rpm
3552034cbb2d541408fe82faf821a42f openssh-server-3.6.1p2-33.30.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDOrmeXlSAg2UNWIIRAuF5AJ4lKY89ZylrKmOfz6MPg76isA4TBgCfTgWH
e1YnMwvvi28iiE9DO9zfGKc=
=dqOJ
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005550_01_low_openssh_security_update.html)