Security Advisory Critical: openssh security update

Advisory: RHSA-2008:0855-6
Type: Security Advisory
Severity: Critical
Issued on: 2008-08-22
Last updated on: 2008-08-22
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20080855.xml
CVEs (cve.mitre.org): CVE-2007-4752
CVE-2008-3844

Details

Updated openssh packages are now available for Red Hat Enterprise Linux 4,
Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended
Update Support.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.

Last week Red Hat detected an intrusion on certain of its computer systems
and took immediate action. While the investigation into the intrusion is
on-going, our initial focus was to review and test the distribution
channel we use with our customers, Red Hat Network (RHN) and its associated
security measures. Based on these efforts, we remain highly confident that
our systems and processes prevented the intrusion from compromising RHN or
the content distributed via RHN and accordingly believe that customers who
keep their systems updated using Red Hat Network are not at risk. We are
issuing this alert primarily for those who may obtain Red Hat binary
packages via channels other than those of official Red Hat subscribers.

In connection with the incident, the intruder was able to sign a small
number of OpenSSH packages relating only to Red Hat Enterprise Linux 4
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64
architecture only). As a precautionary measure, we are releasing an
updated version of these packages, and have published a list of the
tampered packages and how to detect them at
http://www.redhat.com/security/data/openssh-blacklist.html

To reiterate, our processes and efforts to date indicate that packages
obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are
not at risk.

These packages also fix a low severity flaw in the way ssh handles X11
cookies when creating X11 forwarding connections. When ssh was unable to
create untrusted cookie, ssh used a trusted cookie instead, possibly
allowing the administrative user of a untrusted remote server, or untrusted
application run on the remote server, to gain unintended access to a users
local X server. (CVE-2007-4752)


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
openssh-3.9p1-11.el4_7.src.rpm     f304fb1e487ff288c58c8ba145522260
 
IA-32:
openssh-3.9p1-11.el4_7.i386.rpm     a3745b401b8bf799995f538664dc5410
openssh-askpass-3.9p1-11.el4_7.i386.rpm     46a57c34b0622b707d43b7a6f6c7f78f
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm     2388390ef6e6de4cbd81a80b2113f83f
openssh-clients-3.9p1-11.el4_7.i386.rpm     8a9be029b461791fa76ad5579b3a16a4
openssh-server-3.9p1-11.el4_7.i386.rpm     e56217ce16770762e3fa21774c1de76b
 
x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm     8b1ad8f4b1fe14374a21125d611764cc
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm     622b19c35678698a9603a97fd086d949
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm     1968d276a2d706815823836e68255ecf
openssh-clients-3.9p1-11.el4_7.x86_64.rpm     daed1dac216199e66bf9931efe238775
openssh-server-3.9p1-11.el4_7.x86_64.rpm     d4075dbe534d6ec4c5deb56d26e83cf9
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
openssh-4.3p2-26.el5_2.1.src.rpm     61827881d43a6f3a5072de9638a7e4f8
 
IA-32:
openssh-4.3p2-26.el5_2.1.i386.rpm     85a5393d6aea46770d5c98f52df57f1b
openssh-askpass-4.3p2-26.el5_2.1.i386.rpm     8fdb0b9008283a439936a59841033bdf
openssh-clients-4.3p2-26.el5_2.1.i386.rpm     5dd2e639064a40c20d274325f074c68d
openssh-server-4.3p2-26.el5_2.1.i386.rpm     851e2daf6d1e05d55a9128ecb7669b8a
 
IA-64:
openssh-4.3p2-26.el5_2.1.ia64.rpm     39e09ad473f5b9d33d63434382d7fd11
openssh-askpass-4.3p2-26.el5_2.1.ia64.rpm     ba23caf23586057b159f684b9a840d46
openssh-clients-4.3p2-26.el5_2.1.ia64.rpm     e36e7cf756150d87e5dae6529139f708
openssh-server-4.3p2-26.el5_2.1.ia64.rpm     e1465beb1ff34f83ef4363785ae6fa8e
 
PPC:
openssh-4.3p2-26.el5_2.1.ppc.rpm     74addaaa7e16369fbca0755751c8f8ec
openssh-askpass-4.3p2-26.el5_2.1.ppc.rpm     d98649e557f30b7a0ab8068707144606
openssh-clients-4.3p2-26.el5_2.1.ppc.rpm     7a0990ce21eed0ef39d25dea1a74a23a
openssh-server-4.3p2-26.el5_2.1.ppc.rpm     84d4187f9465ab3a0fb7953b15b356e5
 
s390x:
openssh-4.3p2-26.el5_2.1.s390x.rpm     12b68257fc37784e744591d064d5c719
openssh-askpass-4.3p2-26.el5_2.1.s390x.rpm     2278ac4619fe16785d2e6427efb34d87
openssh-clients-4.3p2-26.el5_2.1.s390x.rpm     41e1b8e3256fa8e172d78f1be169926a
openssh-server-4.3p2-26.el5_2.1.s390x.rpm     d8a848791761b53803476c92f24aa96e
 
x86_64:
openssh-4.3p2-26.el5_2.1.x86_64.rpm     3ceed19221eb1ed06197567b59671777
openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm     1339ea81c34ef44df71415777ed22007
openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm     3fb6de8242dc79caa64bcf086fa853df
openssh-server-4.3p2-26.el5_2.1.x86_64.rpm     b9492b17ea51e6a5faab054aa755e4a1
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
openssh-3.9p1-11.el4_7.src.rpm     f304fb1e487ff288c58c8ba145522260
 
IA-32:
openssh-3.9p1-11.el4_7.i386.rpm     a3745b401b8bf799995f538664dc5410
openssh-askpass-3.9p1-11.el4_7.i386.rpm     46a57c34b0622b707d43b7a6f6c7f78f
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm     2388390ef6e6de4cbd81a80b2113f83f
openssh-clients-3.9p1-11.el4_7.i386.rpm     8a9be029b461791fa76ad5579b3a16a4
openssh-server-3.9p1-11.el4_7.i386.rpm     e56217ce16770762e3fa21774c1de76b
 
IA-64:
openssh-3.9p1-11.el4_7.ia64.rpm     bfadc08c479f7e3a472fc231de99f875
openssh-askpass-3.9p1-11.el4_7.ia64.rpm     323b31dee9d7c3ed817849217e9230a2
openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm     8abf2ebb5cfc2077573664fda4878a07
openssh-clients-3.9p1-11.el4_7.ia64.rpm     24d2df09a5c3424393e2f60d0dab21f7
openssh-server-3.9p1-11.el4_7.ia64.rpm     be71a22f9998075e52f807ac52b526ea
 
PPC:
openssh-3.9p1-11.el4_7.ppc.rpm     c2ff5d24d3f0a47874469234ca517ab9
openssh-askpass-3.9p1-11.el4_7.ppc.rpm     0ff871ce740ddb80cdf306b6a851ae1a
openssh-askpass-gnome-3.9p1-11.el4_7.ppc.rpm     9934ea584f4f971d97af25a570e871e8
openssh-clients-3.9p1-11.el4_7.ppc.rpm     2478925b2528f7db51d4647cb520632e
openssh-server-3.9p1-11.el4_7.ppc.rpm     bb302cc799a56ec1775dd090791f6f4b
 
s390:
openssh-3.9p1-11.el4_7.s390.rpm     4e816787e1de1205f892b4326c0765d0
openssh-askpass-3.9p1-11.el4_7.s390.rpm     bbdb4b69a87f767667b4c70786de6c1a
openssh-askpass-gnome-3.9p1-11.el4_7.s390.rpm     e8e413497ca2220c9187aef1fda652b7
openssh-clients-3.9p1-11.el4_7.s390.rpm     01ff12db9ec3bc8106d988780ac1c481
openssh-server-3.9p1-11.el4_7.s390.rpm     f1e82aa9a506fbc4cb3562babf765dc3
 
s390x:
openssh-3.9p1-11.el4_7.s390x.rpm     5d5cefb247474d391925413276ff7adb
openssh-askpass-3.9p1-11.el4_7.s390x.rpm     01bc38e43b7b8a989ede5b66f91a6c21
openssh-askpass-gnome-3.9p1-11.el4_7.s390x.rpm     125027a839c387328d5fa982529852e7
openssh-clients-3.9p1-11.el4_7.s390x.rpm     0676d2fe02d8c944e76b9485f36d9c8a
openssh-server-3.9p1-11.el4_7.s390x.rpm     4033374e14e64e2c0a1e79bb9e25c746
 
x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm     8b1ad8f4b1fe14374a21125d611764cc
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm     622b19c35678698a9603a97fd086d949
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm     1968d276a2d706815823836e68255ecf
openssh-clients-3.9p1-11.el4_7.x86_64.rpm     daed1dac216199e66bf9931efe238775
openssh-server-3.9p1-11.el4_7.x86_64.rpm     d4075dbe534d6ec4c5deb56d26e83cf9
 
Red Hat Enterprise Linux AS (v. 4.5.z)
SRPMS:
openssh-3.9p1-10.RHEL4.20.src.rpm     90acbb4ac1d221875b245bd510710a8f
 
IA-32:
openssh-3.9p1-10.RHEL4.20.i386.rpm     8771c57236923ab78aee06b170522e79
openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm     c4adbf61762339ed707a616e37d93a18
openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm     12bcdfa97bbadf66ce0c68f113cb14f3
openssh-clients-3.9p1-10.RHEL4.20.i386.rpm     bbb7aeee28e71eba8482a991fcb78c22
openssh-server-3.9p1-10.RHEL4.20.i386.rpm     9ccea50d8435a15c4ed2c1a67f51ddaf
 
IA-64:
openssh-3.9p1-10.RHEL4.20.ia64.rpm     95ca17a63ef3cf223ca8eb8295b2a784
openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm     61c94dc386402c614a9823f1a8c02894
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm     4c558d84fc7f2fa2ba693c732065cf34
openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm     ee989f269ae87cb4db5ac05415764e9c
openssh-server-3.9p1-10.RHEL4.20.ia64.rpm     1b4bc6923f83acd35a397f07c7818ad6
 
PPC:
openssh-3.9p1-10.RHEL4.20.ppc.rpm     71f729243c0a45fae9f66480a3e06420
openssh-askpass-3.9p1-10.RHEL4.20.ppc.rpm     ffd789ef66be0099d0cf4ff6f52f1fd4
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ppc.rpm     136d25e3fe14fb12d7bdb821bb5a9585
openssh-clients-3.9p1-10.RHEL4.20.ppc.rpm     44dd13d17e3fa9a1c430f112ca2fe9c2
openssh-server-3.9p1-10.RHEL4.20.ppc.rpm     a18f6dbc4749cdb466df3ba520bd49d0
 
s390:
openssh-3.9p1-10.RHEL4.20.s390.rpm     bc14021c30b34afa79ca917328ebc2c2
openssh-askpass-3.9p1-10.RHEL4.20.s390.rpm     5b6227309870e84f6158c9adc398c254
openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390.rpm     404f2b49892af3456627fbf6ba551d76
openssh-clients-3.9p1-10.RHEL4.20.s390.rpm     4d3887bf38b1017f534ac0405716d72e
openssh-server-3.9p1-10.RHEL4.20.s390.rpm     3ba159171cf28bbb273def9671d5bfa8
 
s390x:
openssh-3.9p1-10.RHEL4.20.s390x.rpm     1ba5feb359ff0e2ffcabdc925275c4ce
openssh-askpass-3.9p1-10.RHEL4.20.s390x.rpm     6e81efea41e82890b4a5793b251fb29b
openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390x.rpm     78ed6cef54cf40883db0b900751b39f8
openssh-clients-3.9p1-10.RHEL4.20.s390x.rpm     5d2ff3ae9a36c38d7a2c98f1b259b354
openssh-server-3.9p1-10.RHEL4.20.s390x.rpm     22a4cf17358c27b17027a59f1ceb3a3c
 
x86_64:
openssh-3.9p1-10.RHEL4.20.x86_64.rpm     a6d33ef928776fd968316e1a261973de
openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm     cbe186f0649e041cf59ad756961839fc
openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm     f6de144683ac37b755ae3c71993cd517
openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm     7daa859c029ea67a8126cda891e1ef12
openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm     4a6e73d35d94d59918daee95f4076bc9
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
openssh-4.3p2-26.el5_2.1.src.rpm     61827881d43a6f3a5072de9638a7e4f8
 
IA-32:
openssh-4.3p2-26.el5_2.1.i386.rpm     85a5393d6aea46770d5c98f52df57f1b
openssh-askpass-4.3p2-26.el5_2.1.i386.rpm     8fdb0b9008283a439936a59841033bdf
openssh-clients-4.3p2-26.el5_2.1.i386.rpm     5dd2e639064a40c20d274325f074c68d
openssh-server-4.3p2-26.el5_2.1.i386.rpm     851e2daf6d1e05d55a9128ecb7669b8a
 
x86_64:
openssh-4.3p2-26.el5_2.1.x86_64.rpm     3ceed19221eb1ed06197567b59671777
openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm     1339ea81c34ef44df71415777ed22007
openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm     3fb6de8242dc79caa64bcf086fa853df
openssh-server-4.3p2-26.el5_2.1.x86_64.rpm     b9492b17ea51e6a5faab054aa755e4a1
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
openssh-3.9p1-11.el4_7.src.rpm     f304fb1e487ff288c58c8ba145522260
 
IA-32:
openssh-3.9p1-11.el4_7.i386.rpm     a3745b401b8bf799995f538664dc5410
openssh-askpass-3.9p1-11.el4_7.i386.rpm     46a57c34b0622b707d43b7a6f6c7f78f
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm     2388390ef6e6de4cbd81a80b2113f83f
openssh-clients-3.9p1-11.el4_7.i386.rpm     8a9be029b461791fa76ad5579b3a16a4
openssh-server-3.9p1-11.el4_7.i386.rpm     e56217ce16770762e3fa21774c1de76b
 
IA-64:
openssh-3.9p1-11.el4_7.ia64.rpm     bfadc08c479f7e3a472fc231de99f875
openssh-askpass-3.9p1-11.el4_7.ia64.rpm     323b31dee9d7c3ed817849217e9230a2
openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm     8abf2ebb5cfc2077573664fda4878a07
openssh-clients-3.9p1-11.el4_7.ia64.rpm     24d2df09a5c3424393e2f60d0dab21f7
openssh-server-3.9p1-11.el4_7.ia64.rpm     be71a22f9998075e52f807ac52b526ea
 
x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm     8b1ad8f4b1fe14374a21125d611764cc
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm     622b19c35678698a9603a97fd086d949
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm     1968d276a2d706815823836e68255ecf
openssh-clients-3.9p1-11.el4_7.x86_64.rpm     daed1dac216199e66bf9931efe238775
openssh-server-3.9p1-11.el4_7.x86_64.rpm     d4075dbe534d6ec4c5deb56d26e83cf9
 
Red Hat Enterprise Linux ES (v. 4.5.z)
SRPMS:
openssh-3.9p1-10.RHEL4.20.src.rpm     90acbb4ac1d221875b245bd510710a8f
 
IA-32:
openssh-3.9p1-10.RHEL4.20.i386.rpm     8771c57236923ab78aee06b170522e79
openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm     c4adbf61762339ed707a616e37d93a18
openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm     12bcdfa97bbadf66ce0c68f113cb14f3
openssh-clients-3.9p1-10.RHEL4.20.i386.rpm     bbb7aeee28e71eba8482a991fcb78c22
openssh-server-3.9p1-10.RHEL4.20.i386.rpm     9ccea50d8435a15c4ed2c1a67f51ddaf
 
IA-64:
openssh-3.9p1-10.RHEL4.20.ia64.rpm     95ca17a63ef3cf223ca8eb8295b2a784
openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm     61c94dc386402c614a9823f1a8c02894
openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm     4c558d84fc7f2fa2ba693c732065cf34
openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm     ee989f269ae87cb4db5ac05415764e9c
openssh-server-3.9p1-10.RHEL4.20.ia64.rpm     1b4bc6923f83acd35a397f07c7818ad6
 
x86_64:
openssh-3.9p1-10.RHEL4.20.x86_64.rpm     a6d33ef928776fd968316e1a261973de
openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm     cbe186f0649e041cf59ad756961839fc
openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm     f6de144683ac37b755ae3c71993cd517
openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm     7daa859c029ea67a8126cda891e1ef12
openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm     4a6e73d35d94d59918daee95f4076bc9
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
openssh-3.9p1-11.el4_7.src.rpm     f304fb1e487ff288c58c8ba145522260
 
IA-32:
openssh-3.9p1-11.el4_7.i386.rpm     a3745b401b8bf799995f538664dc5410
openssh-askpass-3.9p1-11.el4_7.i386.rpm     46a57c34b0622b707d43b7a6f6c7f78f
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm     2388390ef6e6de4cbd81a80b2113f83f
openssh-clients-3.9p1-11.el4_7.i386.rpm     8a9be029b461791fa76ad5579b3a16a4
openssh-server-3.9p1-11.el4_7.i386.rpm     e56217ce16770762e3fa21774c1de76b
 
IA-64:
openssh-3.9p1-11.el4_7.ia64.rpm     bfadc08c479f7e3a472fc231de99f875
openssh-askpass-3.9p1-11.el4_7.ia64.rpm     323b31dee9d7c3ed817849217e9230a2
openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm     8abf2ebb5cfc2077573664fda4878a07
openssh-clients-3.9p1-11.el4_7.ia64.rpm     24d2df09a5c3424393e2f60d0dab21f7
openssh-server-3.9p1-11.el4_7.ia64.rpm     be71a22f9998075e52f807ac52b526ea
 
x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm     8b1ad8f4b1fe14374a21125d611764cc
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm     622b19c35678698a9603a97fd086d949
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm     1968d276a2d706815823836e68255ecf
openssh-clients-3.9p1-11.el4_7.x86_64.rpm     daed1dac216199e66bf9931efe238775
openssh-server-3.9p1-11.el4_7.x86_64.rpm     d4075dbe534d6ec4c5deb56d26e83cf9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

280361 - CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3844
http://www.redhat.com/security/data/openssh-blacklist.html
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/