---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-168935
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168935
2006-02-10
---------------------------------------------------------------------
Name        : openssh
Versions    : rh73: openssh-3.1p1-14.3.legacy
Versions    : rh9: openssh-3.5p1-11.4.legacy
Versions    : fc1: openssh-3.6.1p2-19.4.legacy
Versions    : fc2: openssh-3.6.1p2-34.4.legacy
Versions    : fc3: openssh-3.9p1-8.0.4.legacy
Summary     : The OpenSSH implementation of SSH protocol.
Description :
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, to provide secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections
and arbitrary TCP/IP ports can also be forwarded over the secure
channel. Public key authentication may be used for "passwordless"
access to servers.

---------------------------------------------------------------------
Update Information:

Updated openssh packages that fix security issues are now available.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, and provides secure encrypted communications
between two untrusted hosts over an insecure network. X11 connections
and arbitrary TCP/IP ports can also be forwarded over a secure channel.
Public key authentication can be used for "passwordless" access to
servers.

A bug was found in the way the OpenSSH server handled the MaxStartups
and LoginGraceTime configuration variables. A malicious user could
connect to the SSH daemon in such a way that it would prevent additional
logins from occurring until the malicious connections are closed. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-2069 to this issue.

The scp command was found to expose filenames twice to shell expansion.
A malicious user could execute arbitrary commands by using specially
crafted filenames containing shell metacharacters or spaces. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2006-0225 to this issue.

Users of openssh should upgrade to these updated packages, which contain
backported patches to resolve these issues.
---------------------------------------------------------------------
Changelogs

rh73:
* Mon Jan 23 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.1p1-14.3.legacy
- use fork+exec instead of system in scp - CVE-2006-0225

rh9:
* Mon Jan 23 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.5p1-11.4.legacy
- use fork+exec instead of system in scp - CVE-2006-0225
* Sun Jan 22 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.5p1-11.3.legacy
- CAN-2004-2069 - prevent DoS on openssh server

fc1:
* Mon Jan 23 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.6.1p2-19.4.legacy
- use fork+exec instead of system in scp - CVE-2006-0225
* Sun Jan 22 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.6.1p1-19.3.legacy
- CAN-2004-2069 - prevent DoS on openssh server

fc2:
* Mon Jan 23 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.6.1p2-34.4.legacy
- use fork+exec instead of system in scp - CVE-2006-0225
* Sun Jan 22 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.6.1p2-34.3.legacy
- CAN-2004-2069 - prevent DoS on openssh server

fc3:
* Mon Jan 23 2006 Marc Deslauriers <[EMAIL PROTECTED]> 3.9p1-8.0.4.legacy
- use fork+exec instead of system in scp - CVE-2006-0225

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list