Jump to content
Compatible Support Forums
Sign in to follow this  
news

[RHSA-2008:0855-01] Critical: openssh security update

Recommended Posts

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Critical: openssh security update

Advisory ID: RHSA-2008:0855-01

Product: Red Hat Enterprise Linux

Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0855.html

Issue date: 2008-08-22

CVE Names: CVE-2007-4752

=====================================================================

 

1. Summary:

 

Updated openssh packages are now available for Red Hat Enterprise Linux 4,

Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended

Update Support.

 

This update has been rated as having critical security impact by the Red

Hat Security Response Team.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

 

3. Description:

 

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation.

 

Last week Red Hat detected an intrusion on certain of its computer systems

and took immediate action. While the investigation into the intrusion is

on-going, our initial focus was to review and test the distribution

channel we use with our customers, Red Hat Network (RHN) and its associated

security measures. Based on these efforts, we remain highly confident that

our systems and processes prevented the intrusion from compromising RHN or

the content distributed via RHN and accordingly believe that customers who

keep their systems updated using Red Hat Network are not at risk. We are

issuing this alert primarily for those who may obtain Red Hat binary

packages via channels other than those of official Red Hat subscribers.

 

In connection with the incident, the intruder was able to sign a small

number of OpenSSH packages relating only to Red Hat Enterprise Linux 4

(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64

architecture only). As a precautionary measure, we are releasing an

updated version of these packages, and have published a list of the

tampered packages and how to detect them at

http://www.redhat.com/security/data/openssh-blacklist.html

 

To reiterate, our processes and efforts to date indicate that packages

obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are

not at risk.

 

These packages also fix a low severity flaw in the way ssh handles X11

cookies when creating X11 forwarding connections. When ssh was unable to

create untrusted cookie, ssh used a trusted cookie instead, possibly

allowing the administrative user of a untrusted remote server, or untrusted

application run on the remote server, to gain unintended access to a users

local X server. (CVE-2007-4752)

 

4. Solution:

 

Before applying this update, make sure that all previously-released

errata relevant to your system have been applied.

 

This update is available via Red Hat Network. Details on how to use

the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/FAQ_58_10188

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

280361 - CVE-2007-4752 openssh falls back to the trusted x11 cookie if generation of an untrusted cookie fails

 

6. Package List:

 

Red Hat Enterprise Linux AS version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

 

i386:

openssh-3.9p1-11.el4_7.i386.rpm

openssh-askpass-3.9p1-11.el4_7.i386.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm

openssh-clients-3.9p1-11.el4_7.i386.rpm

openssh-debuginfo-3.9p1-11.el4_7.i386.rpm

openssh-server-3.9p1-11.el4_7.i386.rpm

 

ia64:

openssh-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm

openssh-clients-3.9p1-11.el4_7.ia64.rpm

openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm

openssh-server-3.9p1-11.el4_7.ia64.rpm

 

ppc:

openssh-3.9p1-11.el4_7.ppc.rpm

openssh-askpass-3.9p1-11.el4_7.ppc.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.ppc.rpm

openssh-clients-3.9p1-11.el4_7.ppc.rpm

openssh-debuginfo-3.9p1-11.el4_7.ppc.rpm

openssh-server-3.9p1-11.el4_7.ppc.rpm

 

s390:

openssh-3.9p1-11.el4_7.s390.rpm

openssh-askpass-3.9p1-11.el4_7.s390.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.s390.rpm

openssh-clients-3.9p1-11.el4_7.s390.rpm

openssh-debuginfo-3.9p1-11.el4_7.s390.rpm

openssh-server-3.9p1-11.el4_7.s390.rpm

 

s390x:

openssh-3.9p1-11.el4_7.s390x.rpm

openssh-askpass-3.9p1-11.el4_7.s390x.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.s390x.rpm

openssh-clients-3.9p1-11.el4_7.s390x.rpm

openssh-debuginfo-3.9p1-11.el4_7.s390x.rpm

openssh-server-3.9p1-11.el4_7.s390x.rpm

 

x86_64:

openssh-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm

openssh-clients-3.9p1-11.el4_7.x86_64.rpm

openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm

openssh-server-3.9p1-11.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux AS version 4.5.z:

 

Source:

ftp://updates.redhat.com/enterprise/4AS-4.5.z/en/os/SRPMS/openssh-3.9p1-10.RHEL4.20.src.rpm

 

i386:

openssh-3.9p1-10.RHEL4.20.i386.rpm

openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm

openssh-clients-3.9p1-10.RHEL4.20.i386.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.i386.rpm

openssh-server-3.9p1-10.RHEL4.20.i386.rpm

 

ia64:

openssh-3.9p1-10.RHEL4.20.ia64.rpm

openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm

openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.ia64.rpm

openssh-server-3.9p1-10.RHEL4.20.ia64.rpm

 

ppc:

openssh-3.9p1-10.RHEL4.20.ppc.rpm

openssh-askpass-3.9p1-10.RHEL4.20.ppc.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.ppc.rpm

openssh-clients-3.9p1-10.RHEL4.20.ppc.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.ppc.rpm

openssh-server-3.9p1-10.RHEL4.20.ppc.rpm

 

s390:

openssh-3.9p1-10.RHEL4.20.s390x.rpm

openssh-askpass-3.9p1-10.RHEL4.20.s390x.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390x.rpm

openssh-clients-3.9p1-10.RHEL4.20.s390x.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.s390x.rpm

openssh-server-3.9p1-10.RHEL4.20.s390x.rpm

 

s390x:

openssh-3.9p1-10.RHEL4.20.s390x.rpm

openssh-askpass-3.9p1-10.RHEL4.20.s390x.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.s390x.rpm

openssh-clients-3.9p1-10.RHEL4.20.s390x.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.s390x.rpm

openssh-server-3.9p1-10.RHEL4.20.s390x.rpm

 

x86_64:

openssh-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm

 

Red Hat Enterprise Linux Desktop version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

 

i386:

openssh-3.9p1-11.el4_7.i386.rpm

openssh-askpass-3.9p1-11.el4_7.i386.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm

openssh-clients-3.9p1-11.el4_7.i386.rpm

openssh-debuginfo-3.9p1-11.el4_7.i386.rpm

openssh-server-3.9p1-11.el4_7.i386.rpm

 

x86_64:

openssh-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm

openssh-clients-3.9p1-11.el4_7.x86_64.rpm

openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm

openssh-server-3.9p1-11.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux ES version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

 

i386:

openssh-3.9p1-11.el4_7.i386.rpm

openssh-askpass-3.9p1-11.el4_7.i386.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm

openssh-clients-3.9p1-11.el4_7.i386.rpm

openssh-debuginfo-3.9p1-11.el4_7.i386.rpm

openssh-server-3.9p1-11.el4_7.i386.rpm

 

ia64:

openssh-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm

openssh-clients-3.9p1-11.el4_7.ia64.rpm

openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm

openssh-server-3.9p1-11.el4_7.ia64.rpm

 

x86_64:

openssh-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm

openssh-clients-3.9p1-11.el4_7.x86_64.rpm

openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm

openssh-server-3.9p1-11.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux ES version 4.5.z:

 

Source:

ftp://updates.redhat.com/enterprise/4ES-4.5.z/en/os/SRPMS/openssh-3.9p1-10.RHEL4.20.src.rpm

 

i386:

openssh-3.9p1-10.RHEL4.20.i386.rpm

openssh-askpass-3.9p1-10.RHEL4.20.i386.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.i386.rpm

openssh-clients-3.9p1-10.RHEL4.20.i386.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.i386.rpm

openssh-server-3.9p1-10.RHEL4.20.i386.rpm

 

ia64:

openssh-3.9p1-10.RHEL4.20.ia64.rpm

openssh-askpass-3.9p1-10.RHEL4.20.ia64.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.ia64.rpm

openssh-clients-3.9p1-10.RHEL4.20.ia64.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.ia64.rpm

openssh-server-3.9p1-10.RHEL4.20.ia64.rpm

 

x86_64:

openssh-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-askpass-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-askpass-gnome-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-clients-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-debuginfo-3.9p1-10.RHEL4.20.x86_64.rpm

openssh-server-3.9p1-10.RHEL4.20.x86_64.rpm

 

Red Hat Enterprise Linux WS version 4:

 

Source:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssh-3.9p1-11.el4_7.src.rpm

 

i386:

openssh-3.9p1-11.el4_7.i386.rpm

openssh-askpass-3.9p1-11.el4_7.i386.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm

openssh-clients-3.9p1-11.el4_7.i386.rpm

openssh-debuginfo-3.9p1-11.el4_7.i386.rpm

openssh-server-3.9p1-11.el4_7.i386.rpm

 

ia64:

openssh-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-3.9p1-11.el4_7.ia64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.ia64.rpm

openssh-clients-3.9p1-11.el4_7.ia64.rpm

openssh-debuginfo-3.9p1-11.el4_7.ia64.rpm

openssh-server-3.9p1-11.el4_7.ia64.rpm

 

x86_64:

openssh-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-3.9p1-11.el4_7.x86_64.rpm

openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm

openssh-clients-3.9p1-11.el4_7.x86_64.rpm

openssh-debuginfo-3.9p1-11.el4_7.x86_64.rpm

openssh-server-3.9p1-11.el4_7.x86_64.rpm

 

Red Hat Enterprise Linux Desktop (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssh-4.3p2-26.el5_2.1.src.rpm

 

i386:

openssh-4.3p2-26.el5_2.1.i386.rpm

openssh-askpass-4.3p2-26.el5_2.1.i386.rpm

openssh-clients-4.3p2-26.el5_2.1.i386.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.i386.rpm

openssh-server-4.3p2-26.el5_2.1.i386.rpm

 

x86_64:

openssh-4.3p2-26.el5_2.1.x86_64.rpm

openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm

openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.x86_64.rpm

openssh-server-4.3p2-26.el5_2.1.x86_64.rpm

 

Red Hat Enterprise Linux (v. 5 server):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openssh-4.3p2-26.el5_2.1.src.rpm

 

i386:

openssh-4.3p2-26.el5_2.1.i386.rpm

openssh-askpass-4.3p2-26.el5_2.1.i386.rpm

openssh-clients-4.3p2-26.el5_2.1.i386.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.i386.rpm

openssh-server-4.3p2-26.el5_2.1.i386.rpm

 

ia64:

openssh-4.3p2-26.el5_2.1.ia64.rpm

openssh-askpass-4.3p2-26.el5_2.1.ia64.rpm

openssh-clients-4.3p2-26.el5_2.1.ia64.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.ia64.rpm

openssh-server-4.3p2-26.el5_2.1.ia64.rpm

 

ppc:

openssh-4.3p2-26.el5_2.1.ppc.rpm

openssh-askpass-4.3p2-26.el5_2.1.ppc.rpm

openssh-clients-4.3p2-26.el5_2.1.ppc.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.ppc.rpm

openssh-server-4.3p2-26.el5_2.1.ppc.rpm

 

s390x:

openssh-4.3p2-26.el5_2.1.s390x.rpm

openssh-askpass-4.3p2-26.el5_2.1.s390x.rpm

openssh-clients-4.3p2-26.el5_2.1.s390x.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.s390x.rpm

openssh-server-4.3p2-26.el5_2.1.s390x.rpm

 

x86_64:

openssh-4.3p2-26.el5_2.1.x86_64.rpm

openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm

openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm

openssh-debuginfo-4.3p2-26.el5_2.1.x86_64.rpm

openssh-server-4.3p2-26.el5_2.1.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

 

7. References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

http://www.redhat.com/security/data/openssh-blacklist.html

http://www.redhat.com/security/updates/classification/#critical

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

 

Copyright 2008 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFIrq3zXlSAg2UNWIIRAgcPAJwNb6Y/Z/tvgWN37Yi0+44DDXGY2ACeMs33

ugQUQ4k+fg60FO59N2ZuDOY=

=2Am+

-----END PGP SIGNATURE-----

 

 

--

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×