- Issued:
- 2004-08-05
- Updated:
- 2004-08-05
RHBA-2004:303 - Bug Fix Advisory
Synopsis
Updated openssh packages
Type/Severity
Bug Fix Advisory
Topic
Updated openssh packages that include a bug fix are now available for Red
Hat Enterprise Linux 2.1.
Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH
replaces rlogin and rsh, providing secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and arbitrary
TCP/IP ports can also be forwarded over the secure channel. Public key
authentication may be used for "passwordless" access to servers.
These updated packages corrected a bug which prevented sshd from properly
manipulating the /var/log/lastlog entry for users with very high UIDs.
When manipulating the entry in /var/log/lastlog, which corresponds to a
given user, sshd calculates the location of the entry by multiplying the
UID and the length of an entry in the file. On some systems, the
result of this calculation would mistakenly be truncated to 32 bits for
users with sufficiently high UIDs.
All users of openssh should upgrade to these updated packages, which
resolve this issue.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
Fixes
(none)CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.