Bug Fix Advisory openssh bug fix update

Advisory: RHBA-2008:0709-2
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2008-07-24
Last updated on: 2008-07-24
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A

Details

Updated openssh packages that resolve several issues are now available.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

These updated openssh packages provide fixes for the following bugs:

* the ssh server would abort authentication of the client when the user's
authorized_keys file was corrupted. This fixed package now allows
authentication to proceed using other enabled methods.

* the scp (secure copy) manual page was improved to describe the behavior
when copying files to a destination.

All users of openssh are advised to upgrade to these updated packages,
which resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
openssh-3.9p1-9.el4.src.rpm
File outdated by:  RHSA-2008:0855		     d8d4a7cef8b306421f4a695e171a5a50
 
IA-32:
openssh-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     25ec7feafbe5b7a3d3d6516bd053e97a
openssh-askpass-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3fbf90a907b0111a08f14c758c372a0e
openssh-askpass-gnome-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     4c120d069fdfc3e21fdff893fa842f30
openssh-clients-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     6078bad20b9ab9e5a0e7e49bbf085262
openssh-server-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3f8563bd0c2d1a32a86de3dfc77385a3
 
x86_64:
openssh-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     8a722b31bef588ca5bb3275ce2857018
openssh-askpass-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     c41326e0d1e541838815bce5e1997640
openssh-askpass-gnome-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     3960274fa96b3d648d62ce25d18d22b2
openssh-clients-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     df8be21afa6345eb1eb46c9627f5ce82
openssh-server-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     bf60f5900b32fd95c801fcba1c776cb1
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
openssh-3.9p1-9.el4.src.rpm
File outdated by:  RHSA-2008:0855		     d8d4a7cef8b306421f4a695e171a5a50
 
IA-32:
openssh-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     25ec7feafbe5b7a3d3d6516bd053e97a
openssh-askpass-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3fbf90a907b0111a08f14c758c372a0e
openssh-askpass-gnome-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     4c120d069fdfc3e21fdff893fa842f30
openssh-clients-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     6078bad20b9ab9e5a0e7e49bbf085262
openssh-server-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3f8563bd0c2d1a32a86de3dfc77385a3
 
IA-64:
openssh-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     6648c8e6a5fe31229e7718ca411d2005
openssh-askpass-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     f502ba7f67b99548435c9b4d372968ef
openssh-askpass-gnome-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     50c08d8bfe31a901bb7eaac79dcd2e26
openssh-clients-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     aea298dfc89d04e55258b277f9ba10b4
openssh-server-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     d229ec0a09d3d7d2bd25dfde4755d81d
 
PPC:
openssh-3.9p1-9.el4.ppc.rpm
File outdated by:  RHSA-2008:0855		     f163d9b7a12bc7048ffe6c4abf8a05cf
openssh-askpass-3.9p1-9.el4.ppc.rpm
File outdated by:  RHSA-2008:0855		     27d7b4e8c6be50342434d7f622ec5f7b
openssh-askpass-gnome-3.9p1-9.el4.ppc.rpm
File outdated by:  RHSA-2008:0855		     7e81ba24246a40f88c1d2009548cefb7
openssh-clients-3.9p1-9.el4.ppc.rpm
File outdated by:  RHSA-2008:0855		     acb2cc93c6c36a0d8d0f5a8aa5622a84
openssh-server-3.9p1-9.el4.ppc.rpm
File outdated by:  RHSA-2008:0855		     1aad302b42427446bbc131dab2216784
 
s390:
openssh-3.9p1-9.el4.s390.rpm
File outdated by:  RHSA-2008:0855		     4aeccd24f5817dadc2b373e234a48015
openssh-askpass-3.9p1-9.el4.s390.rpm
File outdated by:  RHSA-2008:0855		     5466948070f69367c48489426ccd3b8d
openssh-askpass-gnome-3.9p1-9.el4.s390.rpm
File outdated by:  RHSA-2008:0855		     ed438b6e063966e12b27443729034eac
openssh-clients-3.9p1-9.el4.s390.rpm
File outdated by:  RHSA-2008:0855		     7d22d08fd3ef83a365e760eef068432d
openssh-server-3.9p1-9.el4.s390.rpm
File outdated by:  RHSA-2008:0855		     22312d95f9297bc21c84f23724d85d24
 
s390x:
openssh-3.9p1-9.el4.s390x.rpm
File outdated by:  RHSA-2008:0855		     43cc4b0920801093ca5e9e51628024e8
openssh-askpass-3.9p1-9.el4.s390x.rpm
File outdated by:  RHSA-2008:0855		     ec2a29a4939e1853dac1714feb3d8cea
openssh-askpass-gnome-3.9p1-9.el4.s390x.rpm
File outdated by:  RHSA-2008:0855		     f8c843a9b1899f40e7e7f34e8b35562b
openssh-clients-3.9p1-9.el4.s390x.rpm
File outdated by:  RHSA-2008:0855		     fac62bb4dbd508c783eba32da7f1e781
openssh-server-3.9p1-9.el4.s390x.rpm
File outdated by:  RHSA-2008:0855		     594e08935feceb5cba75f8bc78748caa
 
x86_64:
openssh-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     8a722b31bef588ca5bb3275ce2857018
openssh-askpass-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     c41326e0d1e541838815bce5e1997640
openssh-askpass-gnome-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     3960274fa96b3d648d62ce25d18d22b2
openssh-clients-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     df8be21afa6345eb1eb46c9627f5ce82
openssh-server-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     bf60f5900b32fd95c801fcba1c776cb1
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
openssh-3.9p1-9.el4.src.rpm
File outdated by:  RHSA-2008:0855		     d8d4a7cef8b306421f4a695e171a5a50
 
IA-32:
openssh-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     25ec7feafbe5b7a3d3d6516bd053e97a
openssh-askpass-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3fbf90a907b0111a08f14c758c372a0e
openssh-askpass-gnome-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     4c120d069fdfc3e21fdff893fa842f30
openssh-clients-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     6078bad20b9ab9e5a0e7e49bbf085262
openssh-server-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3f8563bd0c2d1a32a86de3dfc77385a3
 
IA-64:
openssh-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     6648c8e6a5fe31229e7718ca411d2005
openssh-askpass-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     f502ba7f67b99548435c9b4d372968ef
openssh-askpass-gnome-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     50c08d8bfe31a901bb7eaac79dcd2e26
openssh-clients-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     aea298dfc89d04e55258b277f9ba10b4
openssh-server-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     d229ec0a09d3d7d2bd25dfde4755d81d
 
x86_64:
openssh-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     8a722b31bef588ca5bb3275ce2857018
openssh-askpass-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     c41326e0d1e541838815bce5e1997640
openssh-askpass-gnome-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     3960274fa96b3d648d62ce25d18d22b2
openssh-clients-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     df8be21afa6345eb1eb46c9627f5ce82
openssh-server-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     bf60f5900b32fd95c801fcba1c776cb1
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
openssh-3.9p1-9.el4.src.rpm
File outdated by:  RHSA-2008:0855		     d8d4a7cef8b306421f4a695e171a5a50
 
IA-32:
openssh-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     25ec7feafbe5b7a3d3d6516bd053e97a
openssh-askpass-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3fbf90a907b0111a08f14c758c372a0e
openssh-askpass-gnome-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     4c120d069fdfc3e21fdff893fa842f30
openssh-clients-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     6078bad20b9ab9e5a0e7e49bbf085262
openssh-server-3.9p1-9.el4.i386.rpm
File outdated by:  RHSA-2008:0855		     3f8563bd0c2d1a32a86de3dfc77385a3
 
IA-64:
openssh-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     6648c8e6a5fe31229e7718ca411d2005
openssh-askpass-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     f502ba7f67b99548435c9b4d372968ef
openssh-askpass-gnome-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     50c08d8bfe31a901bb7eaac79dcd2e26
openssh-clients-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     aea298dfc89d04e55258b277f9ba10b4
openssh-server-3.9p1-9.el4.ia64.rpm
File outdated by:  RHSA-2008:0855		     d229ec0a09d3d7d2bd25dfde4755d81d
 
x86_64:
openssh-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     8a722b31bef588ca5bb3275ce2857018
openssh-askpass-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     c41326e0d1e541838815bce5e1997640
openssh-askpass-gnome-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     3960274fa96b3d648d62ce25d18d22b2
openssh-clients-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     df8be21afa6345eb1eb46c9627f5ce82
openssh-server-3.9p1-9.el4.x86_64.rpm
File outdated by:  RHSA-2008:0855		     bf60f5900b32fd95c801fcba1c776cb1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

426596 - Slight addition to the "scp" man page
432642 - When authorized_keys is incorrect, sshd avoids other authentication methods, including password.


Keywords

abort, authentication, authorized_keys, key, public

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/