-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                 ESB-2006.0714 -- [RedHat]
            Important: openssh security update
                              29 September 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              openssh
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux Desktop 4
                      Red Hat Enterprise Linux AS/ES/WS 4
                      Red Hat Desktop 3
                      Red Hat Enterprise Linux AS/ES/WS 3
                      Red Hat Linux Advanced Workstation 2.1
                      Red Hat Enterprise Linux AS/ES/WS 2.1
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-5051 CVE-2006-4924 CVE-2003-0386
                      CVE-2006-0225

Ref:                  ESB-2006.0709

Original Bulletin:
  https://rhn.redhat.com/errata/RHSA-2006-0697.html

Comment: Please note that this bulletin contains two Red Hat advisories -
         one for Red Hat 3 and 4, the other for Red Hat 2.1.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: openssh security update
Advisory ID:       RHSA-2006:0697-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0697.html
Issue date:        2006-09-28
Updated on:        2006-09-28
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4924 CVE-2006-5051
- - ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix two security flaws are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd
server. A remote attacker could possibly leverage this flaw to cause a
denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the
likelihood of successful exploitation leading to arbitrary code execution
appears remote. However, the Red Hat Security Response Team have not yet
been able to verify this claim due to lack of upstream vulnerability
information. We are therefore including a fix for this flaw and have rated
it important security severity in the event our continued investigation
finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service
bug in the OpenSSH sshd server. A remote attacker can send a specially
crafted SSH-1 request to the server causing sshd to consume a large
quantity of CPU resources. (CVE-2006-4924)

All users of openssh should upgrade to these updated packages, which
contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

207955 - CVE-2006-4924 openssh DoS
208347 - CVE-2006-5051 unsafe GSSAPI signal handler

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssh-3.6.1p2-33.30.12.src.rpm
8210acf1f435ab2035f18be8454293d4  openssh-3.6.1p2-33.30.12.src.rpm

i386:
89c6a0c942de0f4ad04f9bb025b8b92f  openssh-3.6.1p2-33.30.12.i386.rpm
cfea382c2e368089b0b7ddd734d1b196  openssh-askpass-3.6.1p2-33.30.12.i386.rpm
48e8e543f87823d973b5e6b41b206eda  openssh-askpass-gnome-3.6.1p2-33.30.12.i386.rpm
dfd7de84def7466a23f42d7773b7de86  openssh-clients-3.6.1p2-33.30.12.i386.rpm
bc0bad54903c78c47a4433a6b60e4a5c  openssh-debuginfo-3.6.1p2-33.30.12.i386.rpm
3ac78136d49fa7a02673f4edc035ffe7  openssh-server-3.6.1p2-33.30.12.i386.rpm

ia64:
21a62ef6fbf25b1c3551e1d23e7188b4  openssh-3.6.1p2-33.30.12.ia64.rpm
fbb11f16c2c5ee21b1e3aaec515945e7  openssh-askpass-3.6.1p2-33.30.12.ia64.rpm
5da88d2d69c64665788e60b126824bc1  openssh-askpass-gnome-3.6.1p2-33.30.12.ia64.rpm
00120331cca393960c1ed8f6be8ce739  openssh-clients-3.6.1p2-33.30.12.ia64.rpm
4164f9030d6482bc689f705318869d98  openssh-debuginfo-3.6.1p2-33.30.12.ia64.rpm
cab6a4b4ce35eadb874c1d33930140d0  openssh-server-3.6.1p2-33.30.12.ia64.rpm

ppc:
ebf2a7d406a84c0e70cb6216da216c32  openssh-3.6.1p2-33.30.12.ppc.rpm
d870455bea7f5dc7811cb2e94653ddda  openssh-askpass-3.6.1p2-33.30.12.ppc.rpm
1f3cc9855ed90aa1cbe3e513c509894f  openssh-askpass-gnome-3.6.1p2-33.30.12.ppc.rpm
4ea6ff849faf590001a46bc5d8c3b0e0  openssh-clients-3.6.1p2-33.30.12.ppc.rpm
a8c6156346323142c2e3e4f9f929d578  openssh-debuginfo-3.6.1p2-33.30.12.ppc.rpm
d3c45cba4d701c389c82d7cbd9026fce  openssh-server-3.6.1p2-33.30.12.ppc.rpm

s390:
ca9e19608f0c79d94c2cd82699daa287  openssh-3.6.1p2-33.30.12.s390.rpm
c83593e17d6991a8101a3982fa9df5b3  openssh-askpass-3.6.1p2-33.30.12.s390.rpm
a9efc41ec6458f035c579015ba7f3b98  openssh-askpass-gnome-3.6.1p2-33.30.12.s390.rpm
c5e8a4392e3f6be26c3cb61ca37ba3d5  openssh-clients-3.6.1p2-33.30.12.s390.rpm
9025f21c0f94247bbd6ed8603b19dc19  openssh-debuginfo-3.6.1p2-33.30.12.s390.rpm
b7d0f364841078bfe5cad8750ea638fa  openssh-server-3.6.1p2-33.30.12.s390.rpm

s390x:
9d27c6f7bae2d4948a67a6ff6229b7c6  openssh-3.6.1p2-33.30.12.s390x.rpm
8261d07efa8d0647941cae4998f08f60  openssh-askpass-3.6.1p2-33.30.12.s390x.rpm
8926f0ebdbfe041f4921a793195e6814  openssh-askpass-gnome-3.6.1p2-33.30.12.s390x.rpm
d41e4131ee0e545215d76d9a2adeb09b  openssh-clients-3.6.1p2-33.30.12.s390x.rpm
b8f6849c703be8c6fdb88b1b91fefd71  openssh-debuginfo-3.6.1p2-33.30.12.s390x.rpm
63f58387200cc0c682a4ea41ffc86bfe  openssh-server-3.6.1p2-33.30.12.s390x.rpm

x86_64:
0dfabce4750cd29cf5983c1046abbdf2  openssh-3.6.1p2-33.30.12.x86_64.rpm
7ddc9d3c1aaa497e6e9f2ccfeef9ae63  openssh-askpass-3.6.1p2-33.30.12.x86_64.rpm
04689df5f2a4df0a6b7cf1358ad456cf  openssh-askpass-gnome-3.6.1p2-33.30.12.x86_64.rpm
e662e6944cc24c928bae0a51850c5776  openssh-clients-3.6.1p2-33.30.12.x86_64.rpm
e37b56a43ee135c9847f6b0dae297acc  openssh-debuginfo-3.6.1p2-33.30.12.x86_64.rpm
d4f75e6464c79333b96af81171803580  openssh-server-3.6.1p2-33.30.12.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssh-3.6.1p2-33.30.12.src.rpm
8210acf1f435ab2035f18be8454293d4  openssh-3.6.1p2-33.30.12.src.rpm

i386:
89c6a0c942de0f4ad04f9bb025b8b92f  openssh-3.6.1p2-33.30.12.i386.rpm
cfea382c2e368089b0b7ddd734d1b196  openssh-askpass-3.6.1p2-33.30.12.i386.rpm
48e8e543f87823d973b5e6b41b206eda  openssh-askpass-gnome-3.6.1p2-33.30.12.i386.rpm
dfd7de84def7466a23f42d7773b7de86  openssh-clients-3.6.1p2-33.30.12.i386.rpm
bc0bad54903c78c47a4433a6b60e4a5c  openssh-debuginfo-3.6.1p2-33.30.12.i386.rpm
3ac78136d49fa7a02673f4edc035ffe7  openssh-server-3.6.1p2-33.30.12.i386.rpm

x86_64:
0dfabce4750cd29cf5983c1046abbdf2  openssh-3.6.1p2-33.30.12.x86_64.rpm
7ddc9d3c1aaa497e6e9f2ccfeef9ae63  openssh-askpass-3.6.1p2-33.30.12.x86_64.rpm
04689df5f2a4df0a6b7cf1358ad456cf  openssh-askpass-gnome-3.6.1p2-33.30.12.x86_64.rpm
e662e6944cc24c928bae0a51850c5776  openssh-clients-3.6.1p2-33.30.12.x86_64.rpm
e37b56a43ee135c9847f6b0dae297acc  openssh-debuginfo-3.6.1p2-33.30.12.x86_64.rpm
d4f75e6464c79333b96af81171803580  openssh-server-3.6.1p2-33.30.12.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssh-3.6.1p2-33.30.12.src.rpm
8210acf1f435ab2035f18be8454293d4  openssh-3.6.1p2-33.30.12.src.rpm

i386:
89c6a0c942de0f4ad04f9bb025b8b92f  openssh-3.6.1p2-33.30.12.i386.rpm
cfea382c2e368089b0b7ddd734d1b196  openssh-askpass-3.6.1p2-33.30.12.i386.rpm
48e8e543f87823d973b5e6b41b206eda  openssh-askpass-gnome-3.6.1p2-33.30.12.i386.rpm
dfd7de84def7466a23f42d7773b7de86  openssh-clients-3.6.1p2-33.30.12.i386.rpm
bc0bad54903c78c47a4433a6b60e4a5c  openssh-debuginfo-3.6.1p2-33.30.12.i386.rpm
3ac78136d49fa7a02673f4edc035ffe7  openssh-server-3.6.1p2-33.30.12.i386.rpm

ia64:
21a62ef6fbf25b1c3551e1d23e7188b4  openssh-3.6.1p2-33.30.12.ia64.rpm
fbb11f16c2c5ee21b1e3aaec515945e7  openssh-askpass-3.6.1p2-33.30.12.ia64.rpm
5da88d2d69c64665788e60b126824bc1  openssh-askpass-gnome-3.6.1p2-33.30.12.ia64.rpm
00120331cca393960c1ed8f6be8ce739  openssh-clients-3.6.1p2-33.30.12.ia64.rpm
4164f9030d6482bc689f705318869d98  openssh-debuginfo-3.6.1p2-33.30.12.ia64.rpm
cab6a4b4ce35eadb874c1d33930140d0  openssh-server-3.6.1p2-33.30.12.ia64.rpm

x86_64:
0dfabce4750cd29cf5983c1046abbdf2  openssh-3.6.1p2-33.30.12.x86_64.rpm
7ddc9d3c1aaa497e6e9f2ccfeef9ae63  openssh-askpass-3.6.1p2-33.30.12.x86_64.rpm
04689df5f2a4df0a6b7cf1358ad456cf  openssh-askpass-gnome-3.6.1p2-33.30.12.x86_64.rpm
e662e6944cc24c928bae0a51850c5776  openssh-clients-3.6.1p2-33.30.12.x86_64.rpm
e37b56a43ee135c9847f6b0dae297acc  openssh-debuginfo-3.6.1p2-33.30.12.x86_64.rpm
d4f75e6464c79333b96af81171803580  openssh-server-3.6.1p2-33.30.12.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssh-3.6.1p2-33.30.12.src.rpm
8210acf1f435ab2035f18be8454293d4  openssh-3.6.1p2-33.30.12.src.rpm

i386:
89c6a0c942de0f4ad04f9bb025b8b92f  openssh-3.6.1p2-33.30.12.i386.rpm
cfea382c2e368089b0b7ddd734d1b196  openssh-askpass-3.6.1p2-33.30.12.i386.rpm
48e8e543f87823d973b5e6b41b206eda  openssh-askpass-gnome-3.6.1p2-33.30.12.i386.rpm
dfd7de84def7466a23f42d7773b7de86  openssh-clients-3.6.1p2-33.30.12.i386.rpm
bc0bad54903c78c47a4433a6b60e4a5c  openssh-debuginfo-3.6.1p2-33.30.12.i386.rpm
3ac78136d49fa7a02673f4edc035ffe7  openssh-server-3.6.1p2-33.30.12.i386.rpm

ia64:
21a62ef6fbf25b1c3551e1d23e7188b4  openssh-3.6.1p2-33.30.12.ia64.rpm
fbb11f16c2c5ee21b1e3aaec515945e7  openssh-askpass-3.6.1p2-33.30.12.ia64.rpm
5da88d2d69c64665788e60b126824bc1  openssh-askpass-gnome-3.6.1p2-33.30.12.ia64.rpm
00120331cca393960c1ed8f6be8ce739  openssh-clients-3.6.1p2-33.30.12.ia64.rpm
4164f9030d6482bc689f705318869d98  openssh-debuginfo-3.6.1p2-33.30.12.ia64.rpm
cab6a4b4ce35eadb874c1d33930140d0  openssh-server-3.6.1p2-33.30.12.ia64.rpm

x86_64:
0dfabce4750cd29cf5983c1046abbdf2  openssh-3.6.1p2-33.30.12.x86_64.rpm
7ddc9d3c1aaa497e6e9f2ccfeef9ae63  openssh-askpass-3.6.1p2-33.30.12.x86_64.rpm
04689df5f2a4df0a6b7cf1358ad456cf  openssh-askpass-gnome-3.6.1p2-33.30.12.x86_64.rpm
e662e6944cc24c928bae0a51850c5776  openssh-clients-3.6.1p2-33.30.12.x86_64.rpm
e37b56a43ee135c9847f6b0dae297acc  openssh-debuginfo-3.6.1p2-33.30.12.x86_64.rpm
d4f75e6464c79333b96af81171803580  openssh-server-3.6.1p2-33.30.12.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssh-3.9p1-8.RHEL4.17.src.rpm
51be48086e7c82696796fbf56aa8c71a  openssh-3.9p1-8.RHEL4.17.src.rpm

i386:
c3cfd9ebdd59ec90049c011d957ae2f2  openssh-3.9p1-8.RHEL4.17.i386.rpm
b77a94f1ae3fc9e8e3f0ac26614bd2ae  openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm
d7d1ae6eea1617248a1dd94d5aebfc56  openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm
88055f8b632235cb4f6c041c77426bb7  openssh-clients-3.9p1-8.RHEL4.17.i386.rpm
a2e9e76ff1b7be50890a00f0164d4d13  openssh-debuginfo-3.9p1-8.RHEL4.17.i386.rpm
20e5ab164e2064fef4ee808eeca16e09  openssh-server-3.9p1-8.RHEL4.17.i386.rpm

ia64:
45422334f78e143b6b2e4594eecdc4a2  openssh-3.9p1-8.RHEL4.17.ia64.rpm
97de282c9b352e9c7a939e9797a790c9  openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm
970aae2acb04f46f50d91a525c2c727e  openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm
65265a283172a054b6c66e7e8303dbde  openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm
3a1f117ab1269433208906ffd21c27d2  openssh-debuginfo-3.9p1-8.RHEL4.17.ia64.rpm
3af550bd7f29dc20a66bf6073f78e838  openssh-server-3.9p1-8.RHEL4.17.ia64.rpm

ppc:
b56f299da59de3d32569f19af8c4aa30  openssh-3.9p1-8.RHEL4.17.ppc.rpm
1584315bc0bc7549c8cc9875c116a33e  openssh-askpass-3.9p1-8.RHEL4.17.ppc.rpm
6bc2ce2eb1990f3c26cabc5e29b20692  openssh-askpass-gnome-3.9p1-8.RHEL4.17.ppc.rpm
7b4847ee68bb6490b016597f94ba3a55  openssh-clients-3.9p1-8.RHEL4.17.ppc.rpm
d004d8c0b116140da77f495bacdfdd73  openssh-debuginfo-3.9p1-8.RHEL4.17.ppc.rpm
77e9a0c82dbd22c5f926e24a0bab20cb  openssh-server-3.9p1-8.RHEL4.17.ppc.rpm

s390:
22fcb9d4f74ea6d454f939b6e1dead06  openssh-3.9p1-8.RHEL4.17.s390.rpm
6a5fdd69ec65e44f7ba8abae8da59a11  openssh-askpass-3.9p1-8.RHEL4.17.s390.rpm
7c3e5d5d17e75b61b5d74aea581041f3  openssh-askpass-gnome-3.9p1-8.RHEL4.17.s390.rpm
988c522bf640fb52fc39a3905bc054f4  openssh-clients-3.9p1-8.RHEL4.17.s390.rpm
c6452af2e33ff0cb6a370d80ec8fff56  openssh-debuginfo-3.9p1-8.RHEL4.17.s390.rpm
fa05b3c293f1712f53f193f67fa4dd80  openssh-server-3.9p1-8.RHEL4.17.s390.rpm

s390x:
546fc534b924a611a6a257b64ed7867d  openssh-3.9p1-8.RHEL4.17.s390x.rpm
6ee531e6723591741e1ea801d90b4447  openssh-askpass-3.9p1-8.RHEL4.17.s390x.rpm
f3d1dee6e7cd55dfa3c557a99d2430b6  openssh-askpass-gnome-3.9p1-8.RHEL4.17.s390x.rpm
2e42bb134cbe5ebdb25cf4fc606165fa  openssh-clients-3.9p1-8.RHEL4.17.s390x.rpm
4b46ceca4636e380c552e836b7f2ca5d  openssh-debuginfo-3.9p1-8.RHEL4.17.s390x.rpm
94e50b5516ba1f08bc689981f4044b5d  openssh-server-3.9p1-8.RHEL4.17.s390x.rpm

x86_64:
300fd86cea1f8687f1f48d202e850cb5  openssh-3.9p1-8.RHEL4.17.x86_64.rpm
025cfa10b241256c250c2a7bfac3bde3  openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm
7abd38612b83c438dfc680a5e7c1b5fe  openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm
fd7e4e3239444a616ff2d367a691a9a9  openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm
5dd99e55283d986fbbaca82c37d391ed  openssh-debuginfo-3.9p1-8.RHEL4.17.x86_64.rpm
24a2f23edd250635204f8ad486ca6920  openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssh-3.9p1-8.RHEL4.17.src.rpm
51be48086e7c82696796fbf56aa8c71a  openssh-3.9p1-8.RHEL4.17.src.rpm

i386:
c3cfd9ebdd59ec90049c011d957ae2f2  openssh-3.9p1-8.RHEL4.17.i386.rpm
b77a94f1ae3fc9e8e3f0ac26614bd2ae  openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm
d7d1ae6eea1617248a1dd94d5aebfc56  openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm
88055f8b632235cb4f6c041c77426bb7  openssh-clients-3.9p1-8.RHEL4.17.i386.rpm
a2e9e76ff1b7be50890a00f0164d4d13  openssh-debuginfo-3.9p1-8.RHEL4.17.i386.rpm
20e5ab164e2064fef4ee808eeca16e09  openssh-server-3.9p1-8.RHEL4.17.i386.rpm

x86_64:
300fd86cea1f8687f1f48d202e850cb5  openssh-3.9p1-8.RHEL4.17.x86_64.rpm
025cfa10b241256c250c2a7bfac3bde3  openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm
7abd38612b83c438dfc680a5e7c1b5fe  openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm
fd7e4e3239444a616ff2d367a691a9a9  openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm
5dd99e55283d986fbbaca82c37d391ed  openssh-debuginfo-3.9p1-8.RHEL4.17.x86_64.rpm
24a2f23edd250635204f8ad486ca6920  openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssh-3.9p1-8.RHEL4.17.src.rpm
51be48086e7c82696796fbf56aa8c71a  openssh-3.9p1-8.RHEL4.17.src.rpm

i386:
c3cfd9ebdd59ec90049c011d957ae2f2  openssh-3.9p1-8.RHEL4.17.i386.rpm
b77a94f1ae3fc9e8e3f0ac26614bd2ae  openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm
d7d1ae6eea1617248a1dd94d5aebfc56  openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm
88055f8b632235cb4f6c041c77426bb7  openssh-clients-3.9p1-8.RHEL4.17.i386.rpm
a2e9e76ff1b7be50890a00f0164d4d13  openssh-debuginfo-3.9p1-8.RHEL4.17.i386.rpm
20e5ab164e2064fef4ee808eeca16e09  openssh-server-3.9p1-8.RHEL4.17.i386.rpm

ia64:
45422334f78e143b6b2e4594eecdc4a2  openssh-3.9p1-8.RHEL4.17.ia64.rpm
97de282c9b352e9c7a939e9797a790c9  openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm
970aae2acb04f46f50d91a525c2c727e  openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm
65265a283172a054b6c66e7e8303dbde  openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm
3a1f117ab1269433208906ffd21c27d2  openssh-debuginfo-3.9p1-8.RHEL4.17.ia64.rpm
3af550bd7f29dc20a66bf6073f78e838  openssh-server-3.9p1-8.RHEL4.17.ia64.rpm

x86_64:
300fd86cea1f8687f1f48d202e850cb5  openssh-3.9p1-8.RHEL4.17.x86_64.rpm
025cfa10b241256c250c2a7bfac3bde3  openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm
7abd38612b83c438dfc680a5e7c1b5fe  openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm
fd7e4e3239444a616ff2d367a691a9a9  openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm
5dd99e55283d986fbbaca82c37d391ed  openssh-debuginfo-3.9p1-8.RHEL4.17.x86_64.rpm
24a2f23edd250635204f8ad486ca6920  openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssh-3.9p1-8.RHEL4.17.src.rpm
51be48086e7c82696796fbf56aa8c71a  openssh-3.9p1-8.RHEL4.17.src.rpm

i386:
c3cfd9ebdd59ec90049c011d957ae2f2  openssh-3.9p1-8.RHEL4.17.i386.rpm
b77a94f1ae3fc9e8e3f0ac26614bd2ae  openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm
d7d1ae6eea1617248a1dd94d5aebfc56  openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm
88055f8b632235cb4f6c041c77426bb7  openssh-clients-3.9p1-8.RHEL4.17.i386.rpm
a2e9e76ff1b7be50890a00f0164d4d13  openssh-debuginfo-3.9p1-8.RHEL4.17.i386.rpm
20e5ab164e2064fef4ee808eeca16e09  openssh-server-3.9p1-8.RHEL4.17.i386.rpm

ia64:
45422334f78e143b6b2e4594eecdc4a2  openssh-3.9p1-8.RHEL4.17.ia64.rpm
97de282c9b352e9c7a939e9797a790c9  openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm
970aae2acb04f46f50d91a525c2c727e  openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm
65265a283172a054b6c66e7e8303dbde  openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm
3a1f117ab1269433208906ffd21c27d2  openssh-debuginfo-3.9p1-8.RHEL4.17.ia64.rpm
3af550bd7f29dc20a66bf6073f78e838  openssh-server-3.9p1-8.RHEL4.17.ia64.rpm

x86_64:
300fd86cea1f8687f1f48d202e850cb5  openssh-3.9p1-8.RHEL4.17.x86_64.rpm
025cfa10b241256c250c2a7bfac3bde3  openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm
7abd38612b83c438dfc680a5e7c1b5fe  openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm
fd7e4e3239444a616ff2d367a691a9a9  openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm
5dd99e55283d986fbbaca82c37d391ed  openssh-debuginfo-3.9p1-8.RHEL4.17.x86_64.rpm
24a2f23edd250635204f8ad486ca6920  openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFHGiwXlSAg2UNWIIRAtnQAKCg+o2DzpMsDQMswq8m612in/4wOwCgtd89
CjWgYHkVCQKSKSlYwcZ4E9U=
=0y2A
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: openssh security update
Advisory ID:       RHSA-2006:0698-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0698.html
Issue date:        2006-09-28
Updated on:        2006-09-28
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4924 CVE-2006-0225 CVE-2003-0386 CVE-2006-5051
- - ---------------------------------------------------------------------

1. Summary:

Updated openssh packages that fix several security issues in sshd are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd
server. A remote attacker could possibly leverage this flaw to cause a
denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the
likelihood of successful exploitation leading to arbitrary code execution
appears remote. However, the Red Hat Security Response Team have not yet
been able to verify this claim due to lack of upstream vulnerability
information. We are therefore including a fix for this flaw and have rated
it important security severity in the event our continued investigation
finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service
bug in the OpenSSH sshd server. A remote attacker can send a specially
crafted SSH-1 request to the server causing sshd to consume a large
quantity of CPU resources. (CVE-2006-4924)

An arbitrary command execution flaw was discovered in the way scp copies
files locally. It is possible for a local attacker to create a file with a
carefully crafted name that could execute arbitrary commands as the user
running scp to copy files locally. (CVE-2006-0225)

The SSH daemon, when restricting host access by numeric IP addresses and
with VerifyReverseMapping disabled, allows remote attackers to bypass
"from=" and "user@host" address restrictions by connecting to a host from
a system whose reverse DNS hostname contains the numeric IP address.
(CVE-2003-0386)

All users of openssh should upgrade to these updated packages, which
contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174026 - CVE-2006-0225 local to local copy uses shell expansion twice
208248 - CVE-2003-0386 host based access bypass
208298 - CVE-2006-4924 openssh DoS
208430 - CVE-2006-5051 unsafe GSSAPI signal handler

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssh-3.1p1-21.src.rpm
a62d73d72a85cd4f505498620728e2ee  openssh-3.1p1-21.src.rpm

i386:
c504545a33a373c674f2dd2f2b0d16ef  openssh-3.1p1-21.i386.rpm
9c6738a9b658806ab56f972dbe665933  openssh-askpass-3.1p1-21.i386.rpm
fd049bc8f612922a0661bd3e435c7c31  openssh-askpass-gnome-3.1p1-21.i386.rpm
e4e081840bcaad593b49f0bebdebaab1  openssh-clients-3.1p1-21.i386.rpm
33963303ac6d5e6bd0085c24cce7a442  openssh-server-3.1p1-21.i386.rpm

ia64:
b276261699adcb17f416e772b4e9be0c  openssh-3.1p1-21.ia64.rpm
0799c0755a5ab6c535d30b8eae4c2f44  openssh-askpass-3.1p1-21.ia64.rpm
0b784feaf17e7f82a5370151b804ab1d  openssh-askpass-gnome-3.1p1-21.ia64.rpm
5ee6cbd8bfc153ff3f588e11c825c20c  openssh-clients-3.1p1-21.ia64.rpm
e1852f54796b77c0a01bcb2f1557868d  openssh-server-3.1p1-21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssh-3.1p1-21.src.rpm
a62d73d72a85cd4f505498620728e2ee  openssh-3.1p1-21.src.rpm

ia64:
b276261699adcb17f416e772b4e9be0c  openssh-3.1p1-21.ia64.rpm
0799c0755a5ab6c535d30b8eae4c2f44  openssh-askpass-3.1p1-21.ia64.rpm
0b784feaf17e7f82a5370151b804ab1d  openssh-askpass-gnome-3.1p1-21.ia64.rpm
5ee6cbd8bfc153ff3f588e11c825c20c  openssh-clients-3.1p1-21.ia64.rpm
e1852f54796b77c0a01bcb2f1557868d  openssh-server-3.1p1-21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssh-3.1p1-21.src.rpm
a62d73d72a85cd4f505498620728e2ee  openssh-3.1p1-21.src.rpm

i386:
c504545a33a373c674f2dd2f2b0d16ef  openssh-3.1p1-21.i386.rpm
9c6738a9b658806ab56f972dbe665933  openssh-askpass-3.1p1-21.i386.rpm
fd049bc8f612922a0661bd3e435c7c31  openssh-askpass-gnome-3.1p1-21.i386.rpm
e4e081840bcaad593b49f0bebdebaab1  openssh-clients-3.1p1-21.i386.rpm
33963303ac6d5e6bd0085c24cce7a442  openssh-server-3.1p1-21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssh-3.1p1-21.src.rpm
a62d73d72a85cd4f505498620728e2ee  openssh-3.1p1-21.src.rpm

i386:
c504545a33a373c674f2dd2f2b0d16ef  openssh-3.1p1-21.i386.rpm
9c6738a9b658806ab56f972dbe665933  openssh-askpass-3.1p1-21.i386.rpm
fd049bc8f612922a0661bd3e435c7c31  openssh-askpass-gnome-3.1p1-21.i386.rpm
e4e081840bcaad593b49f0bebdebaab1  openssh-clients-3.1p1-21.i386.rpm
33963303ac6d5e6bd0085c24cce7a442  openssh-server-3.1p1-21.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFHGjSXlSAg2UNWIIRAlvdAJwJRCdZNYiCOYL/DIizSRxpWIwuqgCfdRdy
2JsBbu9ZXlOUwJMr2gmSjAE=
=qIVE
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRRxvnih9+71yA2DNAQLnwQP/ZvcvUjOHBMdSvuwYSuERqkeE/zPTw9HO
OdhugThf6n2A0C9SvcZRyOu08epTafs4YI+aNtzSQhhdwBoFxZiGACploW2nigvx
9pXOa7Qwx/8ANBTqHLnUcjbKBIQc4ZfNPSAvhfd5S3xDGDPdwVSxyBsrEERgJWWz
7ptQeTUVbzY=
=9OUh
-----END PGP SIGNATURE-----
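Editor's added example (not part of the AusCERT bulletin or the Red Hat advisory, and not OpenSSH code): a simplified shell model of the from="pattern" check described under CVE-2003-0386 in the RHSA-2006:0698 problem description. The vulnerable function tries the pattern against both the client's reverse-DNS hostname and its address, so with reverse-mapping verification off a hostname that merely contains the permitted address satisfies a numeric pattern; the hardened function matches numeric-looking patterns against the address only. That hardening, and the hostnames and addresses below, are constructed for illustration and are not a description of the upstream patch.

```sh
#!/bin/sh
# Added example, not from the advisory or from OpenSSH: a simplified model of the
# from="pattern" check in authorized_keys, showing the CVE-2003-0386 failure mode
# (pattern matched against the reverse-DNS hostname as well as the address) next
# to a hardened check. Matching numeric-looking patterns against the client
# address only is an assumption made for illustration, not a claim about the
# upstream fix.

# glob_match PATTERN STRING: 0 when STRING matches the shell-style PATTERN
# (from= patterns use the same * and ? wildcards).
glob_match() {
    case "$2" in
        $1) return 0 ;;
        *)  return 1 ;;
    esac
}

# is_numeric_pattern PATTERN: 0 when PATTERN contains only digits, dots and
# wildcards, i.e. it was written to describe an address rather than a hostname.
is_numeric_pattern() {
    case "$1" in
        *[!0-9.*?]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Vulnerable behaviour: the pattern is tried against the reverse-DNS hostname
# and against the address, and either match is enough. With reverse-mapping
# verification disabled the hostname is chosen by whoever controls the client's
# reverse DNS, so "10.0.0.*" is satisfied by a hostname beginning "10.0.0.".
from_allows_vulnerable() {   # PATTERN CLIENT_IP CLIENT_HOSTNAME
    glob_match "$1" "$2" || glob_match "$1" "$3"
}

# Hardened behaviour: a numeric pattern is checked only against the address the
# connection actually came from; hostname matching is kept for name patterns.
from_allows_fixed() {        # PATTERN CLIENT_IP CLIENT_HOSTNAME
    if is_numeric_pattern "$1"; then
        glob_match "$1" "$2"
    else
        glob_match "$1" "$2" || glob_match "$1" "$3"
    fi
}

# report LABEL PATTERN IP HOSTNAME: print both decisions for one connection.
report() {
    v=deny; f=deny
    from_allows_vulnerable "$2" "$3" "$4" && v=allow
    from_allows_fixed      "$2" "$3" "$4" && f=allow
    printf '%-20s from="%s" ip=%s host=%s  vulnerable=%s fixed=%s\n' \
        "$1" "$2" "$3" "$4" "$v" "$f"
}

# Constructed connections: TEST-NET address and documentation-style names.
report "internal client"  '10.0.0.*'           10.0.0.7   db1.internal.example
report "spoofed reverse"  '10.0.0.*'           192.0.2.44 10.0.0.99.example.net
report "name pattern"     '*.internal.example' 10.0.0.7   db1.internal.example
```

The second line of output is the bypass the advisory describes: the vulnerable check allows 192.0.2.44 because its reverse name starts with "10.0.0.", while the hardened check denies it. Name patterns such as "*.internal.example" still depend on the reverse lookup being trustworthy, which is why the advisory ties the issue to VerifyReverseMapping being disabled.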
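Editor's added example (not part of the bulletin or the advisory): two checks an administrator would run around section 6 of either advisory, which lists an MD5 per RPM and notes that the packages are GPG signed. verify_md5_list compares downloaded files against a "<md5> <filename>" list in the advisory's format and refuses the set if any entry is missing or mismatched; version_is_fixed decides whether an installed version-release is at or past the fixed build (the fixed builds here are those named in the advisory: 3.6.1p2-33.30.12 for RHEL 3, 3.9p1-8.RHEL4.17 for RHEL 4, 3.1p1-21 for 2.1). The stand-in files, their checksums and the GNU sort -V dependency are assumptions of this example; the hashes below are those of the stand-in files, not the advisory's.

```sh
#!/bin/sh
# Added example, not part of the advisory: checks around section 6 of the RHSA.
# The "packages" and checksums created by make_demo_dir are constructed
# stand-ins; the hashes are the MD5 of "hello\n" and of an empty file.

# verify_md5_list LISTFILE DIR: 0 only when every listed file exists in DIR and
# its MD5 matches the list; prints one status line per entry.
verify_md5_list() {
    list=$1; dir=$2; bad=0
    while read -r sum name; do
        [ -n "$name" ] || continue                 # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (list $sum, file $actual)"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# version_is_fixed INSTALLED FIXED: 0 when INSTALLED is the fixed version-release
# or later. Uses GNU sort -V (assumed available). On a real host the installed
# value comes from:  rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' openssh-server
version_is_fixed() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# make_demo_dir: scratch directory with three stand-in files and two checksum
# lists (GOOD.md5 matches; BAD.md5 adds an entry for a tampered file).
# Prints the directory path.
make_demo_dir() {
    d=$(mktemp -d)
    printf 'hello\n'    > "$d/demo-openssh-server.rpm"
    : > "$d/demo-openssh-clients.rpm"
    printf 'tampered\n' > "$d/demo-openssh.rpm"
    printf '%s\n' \
        'b1946ac92492d2347c6235b4d2611184 demo-openssh-server.rpm' \
        'd41d8cd98f00b204e9800998ecf8427e demo-openssh-clients.rpm' > "$d/GOOD.md5"
    { cat "$d/GOOD.md5"
      echo 'd41d8cd98f00b204e9800998ecf8427e demo-openssh.rpm'; } > "$d/BAD.md5"
    echo "$d"
}

demo=$(make_demo_dir)
echo "== clean download =="
verify_md5_list "$demo/GOOD.md5" "$demo" \
    && echo "checksums match; next verify the Red Hat signature: rpm --checksig *.rpm"
echo "== tampered download =="
verify_md5_list "$demo/BAD.md5" "$demo" \
    || echo "do not install: at least one checksum failed"
for v in 3.6.1p2-33.30.9 3.6.1p2-33.30.12; do
    if version_is_fixed "$v" 3.6.1p2-33.30.12; then
        echo "openssh-server $v: fixed build or later"
    else
        echo "openssh-server $v: older than 3.6.1p2-33.30.12, update required"
    fi
done
rm -rf "$demo"
```

The MD5 list only detects download corruption or substitution; the advisory's authenticity check is the GPG signature on each package (rpm --checksig), which the md5 step does not replace. sort -V is a convenience for an offline check; rpm's own version comparison is authoritative on the host.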