Skip to navigation

Bug Fix Advisory openssh bug fix update

Advisory: RHBA-2011:1195-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2011-08-23
Last updated on: 2011-08-23
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Details

Updated openssh packages that resolve an issue are now available for Red Hat
Enterprise Linux 5.

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages
include the core files necessary for both the OpenSSH client and server.

These updated openssh packages fix the following bug:

* When Federal Information Processing Standards (FIPS) mode was enabled on a
system, key-based authentication was always unsuccessful. This was caused by the
newly introduced pubkey_key_verify() verification function, which did not take
into consideration the fact that it was running in a FIPS environment. With this
update, the pubkey_key_verify() function has been modified to respect FIPS, and
authentication using an RSA key is now successful without any issues when FIPS
mode is enabled. (BZ#730652)

All users of openssh are advised to upgrade to these updated packages, which
resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openssh-4.3p2-72.el5_7.5.src.rpm
File outdated by:  RHBA-2012:0237
    MD5: fcb74f723cb6d761e7bfd17e3927cda2
SHA-256: ddbbd8e2831bd97659afefd9502d2d316c98f268902cece68ef9041e831f1462
 
IA-32:
openssh-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 022bdd405e9b7a7e47cc35c4728634e2
SHA-256: 1547b7fb16bcdc2721be58f429b2fdc5431bdaa0e8eccd24ea38f0701c38e9ab
openssh-askpass-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 1786ad9462817cc73560f2cfff053d7e
SHA-256: 2868825c9447c254f8135a7ebf98e880a247c0784efdc061119226682b5463c8
openssh-clients-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 62a1ca8492af549680b4ff7b46dbe199
SHA-256: 85a42c10f4559541113d9ac26c0b116273be363ebdf5eda29af53b3e30ce7e0b
openssh-server-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 266f8ce7de44f1576ba29cec69e1de5d
SHA-256: 62f888a7f39e35a46d277df8af4e46559bb3a6b563617d3e6ec62fbdea89862f
 
IA-64:
openssh-4.3p2-72.el5_7.5.ia64.rpm
File outdated by:  RHBA-2012:0237
    MD5: c664bdf7af932a952cf27b24dad0e80f
SHA-256: 8bd30cbada696030b4f28bc28ad1cabb6b23dd845587af8d459c4f9aa1dc306a
openssh-askpass-4.3p2-72.el5_7.5.ia64.rpm
File outdated by:  RHBA-2012:0237
    MD5: f9e3bdd40e39dfb2d05d8041e25aa2cd
SHA-256: e210327330a846136fdcb9cb368c1984ec151c470a187f402d36398757b38101
openssh-clients-4.3p2-72.el5_7.5.ia64.rpm
File outdated by:  RHBA-2012:0237
    MD5: be6f8f415d08dad0a8a1cfb2c6537388
SHA-256: a997781499a072d53204901524810d3f2e9c91d3bbebd08f1eb85b683e51604f
openssh-server-4.3p2-72.el5_7.5.ia64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 7300fee77fdd8bac6f78579b389824ea
SHA-256: 7f965e2b73999e6b95c97203993b517ddc35134d8b67ca1f7883ef75bdbf47a2
 
PPC:
openssh-4.3p2-72.el5_7.5.ppc.rpm
File outdated by:  RHBA-2012:0237
    MD5: 595bdf2fbade8e6e180dec56d9bac28d
SHA-256: 7ec82a03e59f825416642e3d815e7d17b0c11528d61f56247df513530d92629b
openssh-askpass-4.3p2-72.el5_7.5.ppc.rpm
File outdated by:  RHBA-2012:0237
    MD5: 737d9bc13570c82d162c57545ac1f6be
SHA-256: 1e500e88fddd8f81fb5219a976163aa86a43c7091e4362cc65a7651c30db0e15
openssh-clients-4.3p2-72.el5_7.5.ppc.rpm
File outdated by:  RHBA-2012:0237
    MD5: 473cf34d340bb62a27302fa3f41eeb39
SHA-256: 7c79908ad7d2c8aa2cd7ac6f0914770dbac6823e66bc2c55b5c4ce4983b1690e
openssh-server-4.3p2-72.el5_7.5.ppc.rpm
File outdated by:  RHBA-2012:0237
    MD5: 91e5ec44484d63cfd4c090239145e5c4
SHA-256: 6ff01ffc2a287e6fe4f8bc133bf1c30ad64abd668010ce7fd71db272b96cf868
 
s390x:
openssh-4.3p2-72.el5_7.5.s390x.rpm
File outdated by:  RHBA-2012:0237
    MD5: 8b93b34d47f30502550fed4190a51d1f
SHA-256: d28fa29fbb476079025d968c28337c8de7e1885dacb0ccc23302e0262a28abee
openssh-askpass-4.3p2-72.el5_7.5.s390x.rpm
File outdated by:  RHBA-2012:0237
    MD5: e99a60b664e3639ba9f4c57f121fe506
SHA-256: f704e397249a28d2ddc6ade6a5c87ed0fe7d93347b8e61c1405a01c83e21b39a
openssh-clients-4.3p2-72.el5_7.5.s390x.rpm
File outdated by:  RHBA-2012:0237
    MD5: 4f73e5cf7d9bdaaa5acba88bcab8711c
SHA-256: 86ebdc6dbef47769f5bb974140942fbabd16dd73bcc7b4e146e11630afff75c5
openssh-server-4.3p2-72.el5_7.5.s390x.rpm
File outdated by:  RHBA-2012:0237
    MD5: 196df3b01433fcea2395ce9baaa25504
SHA-256: 7e9ae87bdba850f4d01b3bf2e610bc801455c6d7d9eedca39219d62c79cba67e
 
x86_64:
openssh-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 9afcfd06ac281b1fecd7d1d8f0b6a0f9
SHA-256: d9a47e7a8f82477473b34d132c2b859e90ffffc093c31ee4166ed41946af8550
openssh-askpass-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 1329766ed81166d8d007074156add3ae
SHA-256: 12dbe928d1e6166ae6f8eda7c9e2cefe1e15ffe8d8660520199ed8c87ae5b964
openssh-clients-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 82b028585f67001df91c5b982b4a4853
SHA-256: 8f3363cfc0723d0464c5b377c6b2475a0535559cc09fa9353b07afbb0bce126b
openssh-server-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 173c086448e46df1582d007389360b0f
SHA-256: 0aa5fd51693f4cc77ed1fa5bb5bae723a7dc5d86df65e678b5aac2c56db0d9e5
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openssh-4.3p2-72.el5_7.5.src.rpm
File outdated by:  RHBA-2012:0237
    MD5: fcb74f723cb6d761e7bfd17e3927cda2
SHA-256: ddbbd8e2831bd97659afefd9502d2d316c98f268902cece68ef9041e831f1462
 
IA-32:
openssh-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 022bdd405e9b7a7e47cc35c4728634e2
SHA-256: 1547b7fb16bcdc2721be58f429b2fdc5431bdaa0e8eccd24ea38f0701c38e9ab
openssh-askpass-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 1786ad9462817cc73560f2cfff053d7e
SHA-256: 2868825c9447c254f8135a7ebf98e880a247c0784efdc061119226682b5463c8
openssh-clients-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 62a1ca8492af549680b4ff7b46dbe199
SHA-256: 85a42c10f4559541113d9ac26c0b116273be363ebdf5eda29af53b3e30ce7e0b
openssh-server-4.3p2-72.el5_7.5.i386.rpm
File outdated by:  RHBA-2012:0237
    MD5: 266f8ce7de44f1576ba29cec69e1de5d
SHA-256: 62f888a7f39e35a46d277df8af4e46559bb3a6b563617d3e6ec62fbdea89862f
 
x86_64:
openssh-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 9afcfd06ac281b1fecd7d1d8f0b6a0f9
SHA-256: d9a47e7a8f82477473b34d132c2b859e90ffffc093c31ee4166ed41946af8550
openssh-askpass-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 1329766ed81166d8d007074156add3ae
SHA-256: 12dbe928d1e6166ae6f8eda7c9e2cefe1e15ffe8d8660520199ed8c87ae5b964
openssh-clients-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 82b028585f67001df91c5b982b4a4853
SHA-256: 8f3363cfc0723d0464c5b377c6b2475a0535559cc09fa9353b07afbb0bce126b
openssh-server-4.3p2-72.el5_7.5.x86_64.rpm
File outdated by:  RHBA-2012:0237
    MD5: 173c086448e46df1582d007389360b0f
SHA-256: 0aa5fd51693f4cc77ed1fa5bb5bae723a7dc5d86df65e678b5aac2c56db0d9e5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

730652 - cannot login with rsa key on FIPS environment.


Keywords

authentication, based, fips, key


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/