- Issued:
- 2011-01-12
- Updated:
- 2011-01-12
RHBA-2011:0018 - Bug Fix Advisory
Synopsis
openssh bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated openssh packages that fix various bugs and add enhancements are now
available for Red Hat Enterprise Linux 5.
Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages
include the core files necessary for both the OpenSSH client and server.
These updated packages fix the following bugs:
- When the ~/.bashrc startup file contained a command that produced an output to
standard error (STDERR), the sftp utility was unable to log in to that account.
This bug has been fixed, and the output to STDERR no longer prevents sftp from
establishing the connection. (BZ#576765)
- Due to the limitations of the data type that was used to store user identifier
(UID), the lastlog record was not created for users with UID larger than
2147483647. With this update, this data type has been changed to unsigned long
integer, and the /var/log/lastlog database is now updated as expected.
(BZ#616396)
- Although the OpenSSH update RHSA-2009:1287 mentioned the change of the cipher
preference, the openssh packages did not actually include this adjustment. This
update changes the cipher preference as announced, so that CTR mode ciphers are
now preferred to CBC mode. (BZ#661716)
As well, this update adds the following enhancements:
- The "ForceCommand" directive has been added as a valid /etc/ssh/sshd_config
option, making it possible to force the execution of the supplied command
regardless of user input. (BZ#532559)
- The OpenSSL dynamic engine loading support has been added, so that the ibmca
engine can now use Central Processor Assist for Cryptographic Function (CPACF).
(BZ#594815)
- When a key authentication is used to log in to a machine, the same information
as the one that is logged when using Pluggable Authentication Modules (PAM) is
written to the log file, including the information about the key type and size,
and a fingerprint. Additionally, when an encrypted tunnel is being established,
the sshd daemon now logs the result of the cipher negotiation, that is, the type
and the key size. (BZ#632402, BZ#659242, BZ#661669)
All OpenSSH users are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 616396 - lastlog is not recorded with the big uid
- BZ - 661669 - The upcoming audit patch causes inability to run sshd as non root
- BZ - 661716 - openssh: change cipher preference to prefer CRT over CBC ciphers
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| x86_64 | |
| openssh-4.3p2-72.el5.x86_64.rpm | SHA-256: faac2433139ce60c01c1e4a94a71e0b1269d75614985dcbcaa2c739f71cb3ae8 |
| openssh-askpass-4.3p2-72.el5.x86_64.rpm | SHA-256: 0d3849775b345560d1542c28c3651e3070d29ab974311233396c0233298aff23 |
| openssh-clients-4.3p2-72.el5.x86_64.rpm | SHA-256: f08c820a288a3b9e27d275aba283b496a47a4694f7e13b3dc285c7e19f158f56 |
| openssh-server-4.3p2-72.el5.x86_64.rpm | SHA-256: 4e78db2e392a1ef28de7a777870d5b37e7a9842fa8ab85335a13a015a70ce77d |
| ia64 | |
| openssh-4.3p2-72.el5.ia64.rpm | SHA-256: 4360bc3fd47ca9e4a270e1c8f8af9b1801bacd74a81ef900a15033479103ed74 |
| openssh-askpass-4.3p2-72.el5.ia64.rpm | SHA-256: 928d3dc2d6913ae941fd2511249f5a8052433cedeb84999a72447776211ca443 |
| openssh-clients-4.3p2-72.el5.ia64.rpm | SHA-256: 947fa7eb7d813e0efa9742a0d6907f7db64ada087dcd4948f6a1cd6442c01ae6 |
| openssh-server-4.3p2-72.el5.ia64.rpm | SHA-256: 5e589c1375f3f92b984d8287679402cffa012d9fe2194487afcd3fad459751f3 |
| i386 | |
| openssh-4.3p2-72.el5.i386.rpm | SHA-256: e3ba1a67d56632b053556194d14c10777e59a49af85e3dad06a2983cdcf22c23 |
| openssh-askpass-4.3p2-72.el5.i386.rpm | SHA-256: d799a0e61d5f0e832f72d8c53ec48a89e43862122b82cb66905a250fef10f7b3 |
| openssh-clients-4.3p2-72.el5.i386.rpm | SHA-256: cac3ee40ad1c43a6adc72292d605fa341a853595bbd688dba73a3ca4e8b34c55 |
| openssh-server-4.3p2-72.el5.i386.rpm | SHA-256: 8aea1096145a9ea199bea484cec47ae28b082b8c3edb66bbe08990785f079f90 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| x86_64 | |
| openssh-4.3p2-72.el5.x86_64.rpm | SHA-256: faac2433139ce60c01c1e4a94a71e0b1269d75614985dcbcaa2c739f71cb3ae8 |
| openssh-askpass-4.3p2-72.el5.x86_64.rpm | SHA-256: 0d3849775b345560d1542c28c3651e3070d29ab974311233396c0233298aff23 |
| openssh-clients-4.3p2-72.el5.x86_64.rpm | SHA-256: f08c820a288a3b9e27d275aba283b496a47a4694f7e13b3dc285c7e19f158f56 |
| openssh-server-4.3p2-72.el5.x86_64.rpm | SHA-256: 4e78db2e392a1ef28de7a777870d5b37e7a9842fa8ab85335a13a015a70ce77d |
| i386 | |
| openssh-4.3p2-72.el5.i386.rpm | SHA-256: e3ba1a67d56632b053556194d14c10777e59a49af85e3dad06a2983cdcf22c23 |
| openssh-askpass-4.3p2-72.el5.i386.rpm | SHA-256: d799a0e61d5f0e832f72d8c53ec48a89e43862122b82cb66905a250fef10f7b3 |
| openssh-clients-4.3p2-72.el5.i386.rpm | SHA-256: cac3ee40ad1c43a6adc72292d605fa341a853595bbd688dba73a3ca4e8b34c55 |
| openssh-server-4.3p2-72.el5.i386.rpm | SHA-256: 8aea1096145a9ea199bea484cec47ae28b082b8c3edb66bbe08990785f079f90 |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| x86_64 | |
| openssh-4.3p2-72.el5.x86_64.rpm | SHA-256: faac2433139ce60c01c1e4a94a71e0b1269d75614985dcbcaa2c739f71cb3ae8 |
| openssh-askpass-4.3p2-72.el5.x86_64.rpm | SHA-256: 0d3849775b345560d1542c28c3651e3070d29ab974311233396c0233298aff23 |
| openssh-clients-4.3p2-72.el5.x86_64.rpm | SHA-256: f08c820a288a3b9e27d275aba283b496a47a4694f7e13b3dc285c7e19f158f56 |
| openssh-server-4.3p2-72.el5.x86_64.rpm | SHA-256: 4e78db2e392a1ef28de7a777870d5b37e7a9842fa8ab85335a13a015a70ce77d |
| i386 | |
| openssh-4.3p2-72.el5.i386.rpm | SHA-256: e3ba1a67d56632b053556194d14c10777e59a49af85e3dad06a2983cdcf22c23 |
| openssh-askpass-4.3p2-72.el5.i386.rpm | SHA-256: d799a0e61d5f0e832f72d8c53ec48a89e43862122b82cb66905a250fef10f7b3 |
| openssh-clients-4.3p2-72.el5.i386.rpm | SHA-256: cac3ee40ad1c43a6adc72292d605fa341a853595bbd688dba73a3ca4e8b34c55 |
| openssh-server-4.3p2-72.el5.i386.rpm | SHA-256: 8aea1096145a9ea199bea484cec47ae28b082b8c3edb66bbe08990785f079f90 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| s390x | |
| openssh-4.3p2-72.el5.s390x.rpm | SHA-256: e963c85d5d4ae22eb43500a1498ad5e68cb0a6ab93b81101e0c2e99265b6fc93 |
| openssh-askpass-4.3p2-72.el5.s390x.rpm | SHA-256: ab4aa475486d1edf89d37db3eb1c4508c27c68f3543a3db39fc3569c9a47e667 |
| openssh-clients-4.3p2-72.el5.s390x.rpm | SHA-256: cd8c3ec95ebd92126c17460cafcc4a4a8cfeeeb75b83f1a01bf22c7acf205525 |
| openssh-server-4.3p2-72.el5.s390x.rpm | SHA-256: da151a85e661337ac398e3bfead5ceed30e1c43007a2047d28f3dd67de4a2886 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| ppc | |
| openssh-4.3p2-72.el5.ppc.rpm | SHA-256: 7e73727d6905ac75bd660b5f6cf9f7c41701705a32d68fce650afc675fe6ff37 |
| openssh-askpass-4.3p2-72.el5.ppc.rpm | SHA-256: 8130cb17790a9e0a7620244ff81694902d95f02374ce0de61a5efe3906610006 |
| openssh-clients-4.3p2-72.el5.ppc.rpm | SHA-256: d411ab86d4944b2cc89c333bb19029b08a1feb8b78d437c6cdbbe30a785dd957 |
| openssh-server-4.3p2-72.el5.ppc.rpm | SHA-256: be054e75dd9270b3fb3cca67ea9ab2db3b0d0b1c304b0185a179b098b4a93a06 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| openssh-4.3p2-72.el5.src.rpm | SHA-256: 641503e849d73504a0935dd19d0a9b794df400088190cb2c55b657139fff1584 |
| x86_64 | |
| openssh-4.3p2-72.el5.x86_64.rpm | SHA-256: faac2433139ce60c01c1e4a94a71e0b1269d75614985dcbcaa2c739f71cb3ae8 |
| openssh-askpass-4.3p2-72.el5.x86_64.rpm | SHA-256: 0d3849775b345560d1542c28c3651e3070d29ab974311233396c0233298aff23 |
| openssh-clients-4.3p2-72.el5.x86_64.rpm | SHA-256: f08c820a288a3b9e27d275aba283b496a47a4694f7e13b3dc285c7e19f158f56 |
| openssh-server-4.3p2-72.el5.x86_64.rpm | SHA-256: 4e78db2e392a1ef28de7a777870d5b37e7a9842fa8ab85335a13a015a70ce77d |
| i386 | |
| openssh-4.3p2-72.el5.i386.rpm | SHA-256: e3ba1a67d56632b053556194d14c10777e59a49af85e3dad06a2983cdcf22c23 |
| openssh-askpass-4.3p2-72.el5.i386.rpm | SHA-256: d799a0e61d5f0e832f72d8c53ec48a89e43862122b82cb66905a250fef10f7b3 |
| openssh-clients-4.3p2-72.el5.i386.rpm | SHA-256: cac3ee40ad1c43a6adc72292d605fa341a853595bbd688dba73a3ca4e8b34c55 |
| openssh-server-4.3p2-72.el5.i386.rpm | SHA-256: 8aea1096145a9ea199bea484cec47ae28b082b8c3edb66bbe08990785f079f90 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
