
Security Advisory: openssh security update

Advisory: RHSA-2005:550-6
Type: Security Advisory
Severity: Low
Issued on: 2005-09-28
Last updated on: 2005-09-28
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-2069

Details

Updated openssh packages that fix a potential security vulnerability and
various other bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
includes the core files necessary for both the OpenSSH client and server.

A bug was found in the way the OpenSSH server handled the MaxStartups and
LoginGraceTime configuration variables. A malicious user could connect to
the SSH daemon in such a way that it would prevent additional logins from
occurring until the malicious connections are closed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-2069 to this issue.

Additionally, the following issues are resolved with this update:

- The -q option of the ssh client did not suppress the banner message sent
by the server, which caused errors when used in scripts.

- The sshd daemon failed to close the client connection if multiple X
clients were forwarded over the connection and the client session exited.

- The sftp client leaked memory if used for extended periods.

- The sshd daemon called the PAM functions incorrectly if the user was
unknown on the system.

All users of openssh should upgrade to these updated packages, which
contain backported patches and resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/
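
A check that can be run after updating, given here as an added example that is not part of the original advisory: it flags any openssh package still older than the fixed version-release 3.6.1p2-33.30.6, using a simplified form of rpm's segment-wise version comparison. It assumes input produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n', ignores epochs, and uses constructed sample versions.

```python
import re

FIXED_EVR = "3.6.1p2-33.30.6"  # version-release of the packages in this advisory
PACKAGES = ("openssh", "openssh-askpass", "openssh-askpass-gnome",
            "openssh-clients", "openssh-server")

def segments(s):
    # rpm compares maximal runs of digits or letters; anything else is a separator
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1. Simplified: no '~' or '^' handling."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 13 > 6, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    # neither version nor release may contain '-', so the first '-' separates them
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def stale_packages(rpm_query_output):
    """List (name, version-release) pairs older than the advisory's fixed build."""
    stale = []
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in PACKAGES and evr_cmp(fields[1], FIXED_EVR) < 0:
            stale.append(tuple(fields))
    return stale

# Constructed sample of rpm query output (not taken from a real host)
SAMPLE = """\
openssh 3.6.1p2-33.30.4
openssh-server 3.6.1p2-33.30.6
openssh-clients 3.6.1p2-33.30.13
bash 2.05b-41.5
openssh-askpass 3.6.1p2-33.9
"""
```

An empty result from stale_packages means every installed openssh package is at or beyond the fixed build.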

Updated packages

Every file below is marked as outdated by RHBA-2007:0462.

SRPMS (all products):
openssh-3.6.1p2-33.30.6.src.rpm

Binary packages (one build per architecture, named <package>-3.6.1p2-33.30.6.<arch>.rpm):
openssh
openssh-askpass
openssh-askpass-gnome
openssh-clients
openssh-server

Architectures by product:
Red Hat Desktop (v. 3): IA-32 (i386), x86_64
Red Hat Enterprise Linux AS (v. 3): IA-32 (i386), IA-64 (ia64), PPC (ppc), s390, s390x, x86_64
Red Hat Enterprise Linux ES (v. 3): IA-32 (i386), IA-64 (ia64), x86_64
Red Hat Enterprise Linux WS (v. 3): IA-32 (i386), IA-64 (ia64), x86_64

Bugs fixed (see bugzilla for more information)

129289 - [PATCH] SSH -q flag does not suppress banner text
151080 - sftp over a persistent connection (days/weeks) develops a memory leak.
156996 - CAN-2004-2069 openssh DoS issue


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/