Security Advisory Moderate: openssh security, bug fix, and enhancement update

Advisory: RHSA-2014:1552-2
Type: Security Advisory
Severity: Moderate
Issued on: 2014-10-14
Last updated on: 2014-10-14
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-2532
CVE-2014-2653

Details

Updated openssh packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting
client to skip the DNS SSHFP record check and require the user to perform
manual host verification of the DNS SSHFP record. (CVE-2014-2653)

It was found that OpenSSH did not properly handle certain AcceptEnv
parameter values with wildcard characters. A remote attacker could use this
flaw to bypass intended environment variable restrictions. (CVE-2014-2532)

This update also fixes the following bugs:

* Based on the SP800-131A information security standard, the generation of
a digital signature using the Digital Signature Algorithm (DSA) with the
key size of 1024 bits and RSA with the key size of less than 2048 bits is
disallowed after the year 2013. After this update, ssh-keygen no longer
generates keys with less than 2048 bits in FIPS mode. However, the sshd
service accepts keys of size 1024 bits as well as larger keys for
compatibility reasons. (BZ#993580)

* Previously, the openssh utility incorrectly set the oom_adj value to -17
for all of its children processes. This behavior was incorrect because the
children processes were supposed to have this value set to 0. This update
applies a patch to fix this bug and oom_adj is now properly set to 0 for
all children processes as expected. (BZ#1010429)

* Previously, if the sshd service failed to verify the checksum of an
installed FIPS module using the fipscheck library, the information about
this failure was only provided at the standard error output of sshd. As a
consequence, the user could not notice this message and be uninformed when
a system had not been properly configured for FIPS mode. To fix this bug,
this behavior has been changed and sshd now sends such messages via the
syslog service. (BZ#1020803)

* When keys provided by the pkcs11 library were removed from the ssh agent
using the "ssh-add -e" command, the user was prompted to enter a PIN.
With this update, a patch has been applied to allow the user to remove the
keys provided by pkcs11 without the PIN. (BZ#1042519)

In addition, this update adds the following enhancements:

* With this update, ControlPersist has been added to OpenSSH. The option in
conjunction with the ControlMaster configuration directive specifies that
the master connection remains open in the background after the initial
client connection has been closed. (BZ#953088)

* When the sshd daemon is configured to force the internal SFTP session,
and the user attempts to use a connection other than SFTP, the appropriate
message is logged to the /var/log/secure file. (BZ#997377)

* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and
host user keys (ECDSA) as specified by RFC5656 has been added to the
openssh packages. However, they are not enabled by default and the user has
to enable them manually. For more information on how to configure ECDSA and
ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953
(BZ#1028335)

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openssh-5.3p1-104.el6.src.rpm
File outdated by:  RHSA-2017:0641
    MD5: 441cd501c81419f4323245a4d4162b5d
SHA-256: f4bd9b57fcee047581b61711bfb2e7c93596c5b6856524192a633d7ffea17111
 
IA-32:
openssh-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: a7b831d7d29e3aed88a05efd7ee1d89c
SHA-256: bea5c48d75e2de4b032a8767aad2c43a535cea9d2cffb1dbd42f29edf22c30f9
openssh-askpass-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 63665cf621b379b3b4cc8745e2dbe9fd
SHA-256: b84a2fb0ac1c3f1aa39bd8bd8c0c05aba53458be2e7c4eaed829fb85d57fe030
openssh-clients-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: eb36c6da46436282941de2a085bcbb93
SHA-256: 510cfe3649846bbeb166b89e460938bb2f17b35a451bf1287d4fdedd989dd468
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-ldap-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 180c8a2c026b01213951824785597492
SHA-256: bac643e38753489f5154f25453237bb8ddf0ebfefb9d52d8ade92ce2ec479c24
openssh-server-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 67418a309c3ec658dd4ad5384a8e4b89
SHA-256: 46ff552c5448dcde07f846222aad08d2aac6dba8091e36de34bdc5f87775bc53
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
 
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4c2a0fc43b7e38b85d6740347e54d800
SHA-256: c25d61c6bcdc656be907e08e59db5a35e81ea855fd41aa53feb7532c29875c12
openssh-askpass-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 9a1f9e2c51d131ef79305f403e3a6c4f
SHA-256: 5f68dedc4cc8c714abd9e9c83f5f012e64f6dec26df2d6c5a9016e687f34dcbf
openssh-clients-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: a05686eddd9ca8f65efe16ee5875f1f5
SHA-256: 8d8e1a4009b5f7e128f153c2fdcc905e185dba130beaddc289d84d0e8b837479
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 638e2add472f35cdad026a245973119f
SHA-256: 2d1611a2e32f4c73c705c5f3463258586b868f52cc292ff6c822f1210b7d4ee7
openssh-ldap-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 19ce73bd1dd285146c74b89a5469f164
SHA-256: e37184397befcbec1b24c8abdb9ad324ffa8897d576ad99f0a0f1f34212d729b
openssh-server-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: e300f87f75058b5df554eb101aa9e454
SHA-256: c43219c47e6ede21e0ac4d2645378ac05d011eac52324bdb4cd48ca498a2d3d7
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 8949db70b7ebb9a7daabeefca8544e30
SHA-256: 58032a925fb28f107bff9835ea073111d688b16325a1a7e7f5e788cea4d1bfb0
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
openssh-5.3p1-104.el6.src.rpm
File outdated by:  RHSA-2017:0641
    MD5: 441cd501c81419f4323245a4d4162b5d
SHA-256: f4bd9b57fcee047581b61711bfb2e7c93596c5b6856524192a633d7ffea17111
 
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4c2a0fc43b7e38b85d6740347e54d800
SHA-256: c25d61c6bcdc656be907e08e59db5a35e81ea855fd41aa53feb7532c29875c12
openssh-askpass-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 9a1f9e2c51d131ef79305f403e3a6c4f
SHA-256: 5f68dedc4cc8c714abd9e9c83f5f012e64f6dec26df2d6c5a9016e687f34dcbf
openssh-clients-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: a05686eddd9ca8f65efe16ee5875f1f5
SHA-256: 8d8e1a4009b5f7e128f153c2fdcc905e185dba130beaddc289d84d0e8b837479
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 638e2add472f35cdad026a245973119f
SHA-256: 2d1611a2e32f4c73c705c5f3463258586b868f52cc292ff6c822f1210b7d4ee7
openssh-ldap-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 19ce73bd1dd285146c74b89a5469f164
SHA-256: e37184397befcbec1b24c8abdb9ad324ffa8897d576ad99f0a0f1f34212d729b
openssh-server-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: e300f87f75058b5df554eb101aa9e454
SHA-256: c43219c47e6ede21e0ac4d2645378ac05d011eac52324bdb4cd48ca498a2d3d7
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 8949db70b7ebb9a7daabeefca8544e30
SHA-256: 58032a925fb28f107bff9835ea073111d688b16325a1a7e7f5e788cea4d1bfb0
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openssh-5.3p1-104.el6.src.rpm
File outdated by:  RHSA-2017:0641
    MD5: 441cd501c81419f4323245a4d4162b5d
SHA-256: f4bd9b57fcee047581b61711bfb2e7c93596c5b6856524192a633d7ffea17111
 
IA-32:
openssh-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: a7b831d7d29e3aed88a05efd7ee1d89c
SHA-256: bea5c48d75e2de4b032a8767aad2c43a535cea9d2cffb1dbd42f29edf22c30f9
openssh-askpass-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 63665cf621b379b3b4cc8745e2dbe9fd
SHA-256: b84a2fb0ac1c3f1aa39bd8bd8c0c05aba53458be2e7c4eaed829fb85d57fe030
openssh-clients-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: eb36c6da46436282941de2a085bcbb93
SHA-256: 510cfe3649846bbeb166b89e460938bb2f17b35a451bf1287d4fdedd989dd468
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-ldap-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 180c8a2c026b01213951824785597492
SHA-256: bac643e38753489f5154f25453237bb8ddf0ebfefb9d52d8ade92ce2ec479c24
openssh-server-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 67418a309c3ec658dd4ad5384a8e4b89
SHA-256: 46ff552c5448dcde07f846222aad08d2aac6dba8091e36de34bdc5f87775bc53
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
 
PPC:
openssh-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 24c9b639afd10254536a594663a98c91
SHA-256: ad848acd9864e7329ce372e2f133d0b224bab82e2be594a6c6cbdbac2dcc467c
openssh-askpass-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 316c354a33ca0fd199af00cdaa38926e
SHA-256: 69504bcb993735f54081b2cf351d2874e50f0ee60e05b3e02f5f3828ee2cc685
openssh-clients-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 729e16659c27bf724c4d6ea3ccd9b38d
SHA-256: 83c2716ceda00c1b7ab53710369f74b5f189de83539b679f05ce261d53409d2c
openssh-debuginfo-5.3p1-104.el6.ppc.rpm
File outdated by:  RHSA-2017:0641
    MD5: 613781b62e86b1feb098300be172f761
SHA-256: 82d0027d17a526470aec479e22d9f96adbf363ae630c4e3821ad5fc98f2d2356
openssh-debuginfo-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 37ba8cdf08d1a68e7495901197c465c9
SHA-256: 94a7ae141932f3efbac75e1ec98c1d4328f2166946867c72c862357eb0267fe5
openssh-ldap-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 25962b644c7ac2e7d1f218012e55e838
SHA-256: ae918bb0533d9f12e547112adcfd97e80ef8104908cfab4d3e4f558a4887c438
openssh-server-5.3p1-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 45e4e360af25bdc7e3faf9faeec08b36
SHA-256: aee879b3b2ac0c22f41044bd1592826165d2d8e717cdea69b213df51798655be
pam_ssh_agent_auth-0.9.3-104.el6.ppc.rpm
File outdated by:  RHSA-2017:0641
    MD5: 3512115b8cd441036a420d05751c37e4
SHA-256: 1770ca7685a4518a08cb5871691d1d4ad1e989792ab2a4c77957a503c796f461
pam_ssh_agent_auth-0.9.3-104.el6.ppc64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 90077d3f20c2b83f31fabb68d32f0f47
SHA-256: a0d959d8cfc2646f82de882324c5be99c75d53b5634645084879ec80fd13d228
 
s390x:
openssh-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: ab4c05d2399d6d2d7ce65cee4401a567
SHA-256: f3f42dd41fd2c95784e4bf4682522269bc88d4bb8ae14861633263d04fa2f2d1
openssh-askpass-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4fb617fca7478b52bbeeff2bc3927381
SHA-256: 73684c19f14590d557b84b8bc7b188304d3de25897763d11d61c5de045a9efff
openssh-clients-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: 675904056c825fcce788da6a861b508d
SHA-256: 32361fc7cde3195533de72eea34bca77ba552710e41d50396800df532729442b
openssh-debuginfo-5.3p1-104.el6.s390.rpm
File outdated by:  RHSA-2017:0641
    MD5: 52876aab461002773da61d9cb93afac2
SHA-256: 99e04845b4cea29c22e097fc5c1a537b96e4b0209e0d1db1288c44b0b2c5f294
openssh-debuginfo-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: c72cdd9b938faae0367b1daf84f6751f
SHA-256: 7086710612648ea9fd2907b84ed4fc6dd60cecd0100b4cf0363817899564b6af
openssh-ldap-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: 1391a75c49158e7ac4bda17d5fbed0dd
SHA-256: cbf6838ecd929ed5cee3a3b9f07332f55bd4385ba2f5b012ce301fb8977f4da3
openssh-server-5.3p1-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: acb8f9a1b0f420847f90cc146e71a85f
SHA-256: 84993c1786b4e704e28bb70623b5d0120b1b4d11a85cdc66e5689f2812d3fd70
pam_ssh_agent_auth-0.9.3-104.el6.s390.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4178a2d88d47434f2b95df7b8b0a2b56
SHA-256: a98148e424ffd70de04e2b43f60515c7cd96600b93cd580beacda8d4fc142931
pam_ssh_agent_auth-0.9.3-104.el6.s390x.rpm
File outdated by:  RHSA-2017:0641
    MD5: ab75bac46f988065b40734511eea5c4e
SHA-256: 9eef3b32caed8649e268edc9dc37985697867cbed6d86efed78d85f3c93b88a4
 
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4c2a0fc43b7e38b85d6740347e54d800
SHA-256: c25d61c6bcdc656be907e08e59db5a35e81ea855fd41aa53feb7532c29875c12
openssh-askpass-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 9a1f9e2c51d131ef79305f403e3a6c4f
SHA-256: 5f68dedc4cc8c714abd9e9c83f5f012e64f6dec26df2d6c5a9016e687f34dcbf
openssh-clients-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: a05686eddd9ca8f65efe16ee5875f1f5
SHA-256: 8d8e1a4009b5f7e128f153c2fdcc905e185dba130beaddc289d84d0e8b837479
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 638e2add472f35cdad026a245973119f
SHA-256: 2d1611a2e32f4c73c705c5f3463258586b868f52cc292ff6c822f1210b7d4ee7
openssh-ldap-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 19ce73bd1dd285146c74b89a5469f164
SHA-256: e37184397befcbec1b24c8abdb9ad324ffa8897d576ad99f0a0f1f34212d729b
openssh-server-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: e300f87f75058b5df554eb101aa9e454
SHA-256: c43219c47e6ede21e0ac4d2645378ac05d011eac52324bdb4cd48ca498a2d3d7
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 8949db70b7ebb9a7daabeefca8544e30
SHA-256: 58032a925fb28f107bff9835ea073111d688b16325a1a7e7f5e788cea4d1bfb0
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openssh-5.3p1-104.el6.src.rpm
File outdated by:  RHSA-2017:0641
    MD5: 441cd501c81419f4323245a4d4162b5d
SHA-256: f4bd9b57fcee047581b61711bfb2e7c93596c5b6856524192a633d7ffea17111
 
IA-32:
openssh-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: a7b831d7d29e3aed88a05efd7ee1d89c
SHA-256: bea5c48d75e2de4b032a8767aad2c43a535cea9d2cffb1dbd42f29edf22c30f9
openssh-askpass-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 63665cf621b379b3b4cc8745e2dbe9fd
SHA-256: b84a2fb0ac1c3f1aa39bd8bd8c0c05aba53458be2e7c4eaed829fb85d57fe030
openssh-clients-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: eb36c6da46436282941de2a085bcbb93
SHA-256: 510cfe3649846bbeb166b89e460938bb2f17b35a451bf1287d4fdedd989dd468
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-ldap-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 180c8a2c026b01213951824785597492
SHA-256: bac643e38753489f5154f25453237bb8ddf0ebfefb9d52d8ade92ce2ec479c24
openssh-server-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: 67418a309c3ec658dd4ad5384a8e4b89
SHA-256: 46ff552c5448dcde07f846222aad08d2aac6dba8091e36de34bdc5f87775bc53
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
 
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 4c2a0fc43b7e38b85d6740347e54d800
SHA-256: c25d61c6bcdc656be907e08e59db5a35e81ea855fd41aa53feb7532c29875c12
openssh-askpass-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 9a1f9e2c51d131ef79305f403e3a6c4f
SHA-256: 5f68dedc4cc8c714abd9e9c83f5f012e64f6dec26df2d6c5a9016e687f34dcbf
openssh-clients-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: a05686eddd9ca8f65efe16ee5875f1f5
SHA-256: 8d8e1a4009b5f7e128f153c2fdcc905e185dba130beaddc289d84d0e8b837479
openssh-debuginfo-5.3p1-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: ca3ef16db784c759a51f70ccdc27773b
SHA-256: 80390bf1a437d92bf82943fe5676f9453050a4084ad4f1d26ca7b4f5b7fc2ae1
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 638e2add472f35cdad026a245973119f
SHA-256: 2d1611a2e32f4c73c705c5f3463258586b868f52cc292ff6c822f1210b7d4ee7
openssh-ldap-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 19ce73bd1dd285146c74b89a5469f164
SHA-256: e37184397befcbec1b24c8abdb9ad324ffa8897d576ad99f0a0f1f34212d729b
openssh-server-5.3p1-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: e300f87f75058b5df554eb101aa9e454
SHA-256: c43219c47e6ede21e0ac4d2645378ac05d011eac52324bdb4cd48ca498a2d3d7
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
File outdated by:  RHSA-2017:0641
    MD5: afa0ae68b1bbed73311723857b228a57
SHA-256: 5718892fe92412c0ca90636d766962390d31afe8cae2976ff939d2d3d0da5dfc
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
File outdated by:  RHSA-2017:0641
    MD5: 8949db70b7ebb9a7daabeefca8544e30
SHA-256: 58032a925fb28f107bff9835ea073111d688b16325a1a7e7f5e788cea4d1bfb0
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1010429 - Openssh Incorrectly sets oom_adj in all Children after Performing a Reload
1023043 - ssh_config manual page lists incorrect default value of KexAlgorithms
1023044 - Fix man page for ssh-keygen because of certificate support
1027197 - X11 Forwarding does not work with default config - error: Failed to allocate internet-domain X11 display socket
1028643 - Connection remains when fork() fails.
1077843 - CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw
1081338 - CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios
1108836 - ssh-keyscan should ignore SIGPIPE
1111568 - AUTOCREATE_SERVER_KEYS=RSAONLY is not supported by init script
953088 - OpenSSH adding ControlPersist patch to enable full usage of SSH control options


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/