Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and
7.2. These packages fix a vulnerability which exists when a
server is configured with the "UseLogin" option.
When the "UseLogin" option is enabled in OpenSSH, a malicious user who
authenticates using key-based authentication methods can influence the
environment variables passed to the login process. This could
allow the user to execute arbitrary code with superuser privileges.
In Red Hat Linux the OpenSSH server has the "UseLogin" option disabled
by default. Therefore, it is not vulnerable unless the system administrator
has changed this setting.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2001-0872 to this issue.
| Red Hat Linux 7.0 |
|
| SRPMS: |
openssh-2.9p2-11.7.src.rpm
File outdated by: RHSA-2002:127 |
a404df85b0bd8ee13544f27d8bc80e41 |
| |
| Alpha: |
openssh-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
9edc7fc8d4db042c391c9b569f06bbc6 |
openssh-askpass-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
e568631c7a7e0d4b73fe27053398cbe3 |
openssh-askpass-gnome-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
aa9fe70df6ea2fabdc7bcbb6ee18f77e |
openssh-clients-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
d6c8d8b029358c1035d063688ee9a29f |
openssh-server-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
a729bd387061f3fa437dfb7bcc44fc47 |
| |
| IA-32: |
openssh-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2002:127 |
9032ed606510cb0647015ec25bcb8a65 |
openssh-askpass-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2002:127 |
388f0ab300dd833c565381a161a2d469 |
openssh-askpass-gnome-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2002:127 |
142f92df28c2ec27eafb56313190927e |
openssh-clients-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2002:127 |
a8e73953e02df3277479a45c89284ad6 |
openssh-server-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2002:127 |
6b87c6cb013cd3303432f1bf45326735 |
| |
| Red Hat Linux 7.1 |
|
| SRPMS: |
openssh-2.9p2-11.7.src.rpm
File outdated by: RHSA-2002:127 |
a404df85b0bd8ee13544f27d8bc80e41 |
| |
| Alpha: |
openssh-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
9edc7fc8d4db042c391c9b569f06bbc6 |
openssh-askpass-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
e568631c7a7e0d4b73fe27053398cbe3 |
openssh-askpass-gnome-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
aa9fe70df6ea2fabdc7bcbb6ee18f77e |
openssh-clients-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
d6c8d8b029358c1035d063688ee9a29f |
openssh-server-2.9p2-11.7.alpha.rpm
File outdated by: RHSA-2002:127 |
a729bd387061f3fa437dfb7bcc44fc47 |
| |
| IA-32: |
openssh-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2003:279 |
9032ed606510cb0647015ec25bcb8a65 |
openssh-askpass-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2003:279 |
388f0ab300dd833c565381a161a2d469 |
openssh-askpass-gnome-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2003:279 |
142f92df28c2ec27eafb56313190927e |
openssh-clients-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2003:279 |
a8e73953e02df3277479a45c89284ad6 |
openssh-server-2.9p2-11.7.i386.rpm
File outdated by: RHSA-2003:279 |
6b87c6cb013cd3303432f1bf45326735 |
| |
| IA-64: |
openssh-2.9p2-11.7.ia64.rpm
File outdated by: RHSA-2002:127 |
093fff2a546589e129afdf984b419173 |
openssh-askpass-2.9p2-11.7.ia64.rpm
File outdated by: RHSA-2002:127 |
a3531573d0dbe68ed548cff3f5de023c |
openssh-askpass-gnome-2.9p2-11.7.ia64.rpm
File outdated by: RHSA-2002:127 |
8cc6096f248bb13ef9eec2b31a71ccc7 |
openssh-clients-2.9p2-11.7.ia64.rpm
File outdated by: RHSA-2002:127 |
e842d4ba17ec0889e54730ad33e722e5 |
openssh-server-2.9p2-11.7.ia64.rpm
File outdated by: RHSA-2002:127 |
b8c3f281c2c7be14f71994d20205723b |
| |
| Red Hat Linux 7.2 |
|
| SRPMS: |
openssh-2.9p2-12.src.rpm
File outdated by: RHSA-2003:279 |
5f12c077bf40570dac9b950d83f1e960 |
| |
| IA-32: |
openssh-2.9p2-12.i386.rpm
File outdated by: RHSA-2003:279 |
1a11b675b6af99f9edffeef639825916 |
openssh-askpass-2.9p2-12.i386.rpm
File outdated by: RHSA-2003:279 |
850879609a667619c7e952fadca3063c |
openssh-askpass-gnome-2.9p2-12.i386.rpm
File outdated by: RHSA-2003:279 |
99620e435ce9d69c851e10695828eb80 |
openssh-clients-2.9p2-12.i386.rpm
File outdated by: RHSA-2003:279 |
ff3f8671339645ccbdfa65a03e4b4d09 |
openssh-server-2.9p2-12.i386.rpm
File outdated by: RHSA-2003:279 |
199895daa920eac36c2567ced3c70e9b |
| |
| s390: |
ftp://updates.redhat.com/7.2/en/os/s390/openssh-2.9p2-12.s390.rpm
Missing file |
ff3471022d882689493a5bc330a85b1c |
ftp://updates.redhat.com/7.2/en/os/s390/openssh-askpass-2.9p2-12.s390.rpm
Missing file |
f6f09e32bcbee409e7f04c47e3e724f8 |
ftp://updates.redhat.com/7.2/en/os/s390/openssh-askpass-gnome-2.9p2-12.s390.rpm
Missing file |
ad266950d29e42d128a0d3e727d01913 |
ftp://updates.redhat.com/7.2/en/os/s390/openssh-clients-2.9p2-12.s390.rpm
Missing file |
86f6bcb8166947161bc082f4087564c6 |
ftp://updates.redhat.com/7.2/en/os/s390/openssh-server-2.9p2-12.s390.rpm
Missing file |
26f739c35bee9635e8c4add1ae3733ce |
| |