Red Hat Product Errata RHBA-2011:1382 - Bug Fix Advisory
Issued:
2011-10-19
Updated:
2011-10-19

RHBA-2011:1382 - Bug Fix Advisory

Synopsis

openssh bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssh packages that fix a bug are now available for Red Hat Enterprise
Linux 5 Extended Update Support.

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages
include the core files necessary for both the OpenSSH client and server.

This update fixes the following bug:

  • When Federal Information Processing Standards (FIPS) mode was enabled on a

system, key-based authentication was always unsuccessful. This was caused by the
newly introduced pubkey_key_verify() verification function, which did not take
into consideration the fact that it was running in a FIPS environment. With this
update, the pubkey_key_verify() function has been modified to respect FIPS, and
authentication using an RSA key is now successful without any issues when FIPS
mode is enabled. (BZ#739822)

All users of openssh are advised to upgrade to these updated packages, which fix
this bug.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6 i386
  • Red Hat Enterprise Linux Server - AUS 5.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.6 ia64
  • Red Hat Enterprise Linux Server - AUS 5.6 i386
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386

Fixes

  • BZ - 739822 - cannot login with rsa key on FIPS environment.

CVEs

(none)

References

(none)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.6

SRPM
openssh-4.3p2-72.el5_6.4.src.rpm SHA-256: 3913ebcc2b3b387620af70caf4f323302f9749b7b2fe101c299223cd9b3b53e4
x86_64
openssh-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9673d2931a23398d43adca032959e130c5cd3c2de1cd75498593b7ecd95736d5
openssh-askpass-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: f81616456e607267e000eaacb4d9859c0b790f97c8bcf1450297758c9c4af5f4
openssh-clients-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9c9c0d20d153b9fee8c667c020cdd3d8aa3c29664a3937cb2bb5df54e1462fd0
openssh-server-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 55ab3d6e07efc05f380b4f702249377a53d4b2b41e373f95696d0553591af6c8
ia64
openssh-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 4509b6843e6f0de91c57b4a97f6d11667bdf97a2b0a01c7c4b173c2eb7cbde0f
openssh-askpass-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 5a489594bdf74989d226668967021ecddaa80c632884e097f2d5b21af4c20ea7
openssh-clients-4.3p2-72.el5_6.4.ia64.rpm SHA-256: b60029669f6a9a149c7c1a575d67f6999cb099c18a57c5dec0fb5cd19a086207
openssh-server-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 3697f9e5f43f10da1f4eb9613a98b0cdc69910ac526de32b0cf6de60b5a18c70
i386
openssh-4.3p2-72.el5_6.4.i386.rpm SHA-256: cc887a690185154ec0d98a7ff1083f3dc801ece599d657d2bc403a9baee3b3ce
openssh-askpass-4.3p2-72.el5_6.4.i386.rpm SHA-256: 86f903b5a429367493375a0aaafe3ab816f9bc8fc36025a44686a9dd94c72395
openssh-clients-4.3p2-72.el5_6.4.i386.rpm SHA-256: 16dee6c021c10a2ed26a08e165b60a5c470e0744c7b69df6495cff79820791a4
openssh-server-4.3p2-72.el5_6.4.i386.rpm SHA-256: c7fc25bc04183d6cd2b715b30e9b2fa78a9df6b6ca1049845619b4a61e71e3e3

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
openssh-4.3p2-72.el5_6.4.src.rpm SHA-256: 3913ebcc2b3b387620af70caf4f323302f9749b7b2fe101c299223cd9b3b53e4
x86_64
openssh-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9673d2931a23398d43adca032959e130c5cd3c2de1cd75498593b7ecd95736d5
openssh-askpass-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: f81616456e607267e000eaacb4d9859c0b790f97c8bcf1450297758c9c4af5f4
openssh-clients-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9c9c0d20d153b9fee8c667c020cdd3d8aa3c29664a3937cb2bb5df54e1462fd0
openssh-server-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 55ab3d6e07efc05f380b4f702249377a53d4b2b41e373f95696d0553591af6c8
ia64
openssh-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 4509b6843e6f0de91c57b4a97f6d11667bdf97a2b0a01c7c4b173c2eb7cbde0f
openssh-askpass-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 5a489594bdf74989d226668967021ecddaa80c632884e097f2d5b21af4c20ea7
openssh-clients-4.3p2-72.el5_6.4.ia64.rpm SHA-256: b60029669f6a9a149c7c1a575d67f6999cb099c18a57c5dec0fb5cd19a086207
openssh-server-4.3p2-72.el5_6.4.ia64.rpm SHA-256: 3697f9e5f43f10da1f4eb9613a98b0cdc69910ac526de32b0cf6de60b5a18c70
i386
openssh-4.3p2-72.el5_6.4.i386.rpm SHA-256: cc887a690185154ec0d98a7ff1083f3dc801ece599d657d2bc403a9baee3b3ce
openssh-askpass-4.3p2-72.el5_6.4.i386.rpm SHA-256: 86f903b5a429367493375a0aaafe3ab816f9bc8fc36025a44686a9dd94c72395
openssh-clients-4.3p2-72.el5_6.4.i386.rpm SHA-256: 16dee6c021c10a2ed26a08e165b60a5c470e0744c7b69df6495cff79820791a4
openssh-server-4.3p2-72.el5_6.4.i386.rpm SHA-256: c7fc25bc04183d6cd2b715b30e9b2fa78a9df6b6ca1049845619b4a61e71e3e3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6

SRPM
openssh-4.3p2-72.el5_6.4.src.rpm SHA-256: 3913ebcc2b3b387620af70caf4f323302f9749b7b2fe101c299223cd9b3b53e4
s390x
openssh-4.3p2-72.el5_6.4.s390x.rpm SHA-256: e3860a96457ad18ad42bc266ca2c2b955c725b42dbd55803572d9f634fdd9e20
openssh-askpass-4.3p2-72.el5_6.4.s390x.rpm SHA-256: be5e6031ed89b4e28caacdb06d2d48611496cb97e69dc6561c058d325f202ca3
openssh-clients-4.3p2-72.el5_6.4.s390x.rpm SHA-256: 3bd379780e972fcab963aa38c0f20777bc799667a74c03167898847898cf06ee
openssh-server-4.3p2-72.el5_6.4.s390x.rpm SHA-256: 16ffdbc7dcfa9a8f20a8d14dca2c0c31176c53738680b41a3fb8ace8b60e1cc7

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6

SRPM
openssh-4.3p2-72.el5_6.4.src.rpm SHA-256: 3913ebcc2b3b387620af70caf4f323302f9749b7b2fe101c299223cd9b3b53e4
ppc
openssh-4.3p2-72.el5_6.4.ppc.rpm SHA-256: 526f600d5b071cb0a677339bede303b18864d1522a5eee093c449304016c9506
openssh-askpass-4.3p2-72.el5_6.4.ppc.rpm SHA-256: 25d5a70212ab8a28dae0aea5a5b4d06ae7ba299a514db68c7acde19ca5fd1295
openssh-clients-4.3p2-72.el5_6.4.ppc.rpm SHA-256: 814d268b683b0f0d25a92b42d084184850a932761baa3224496ffb08a1161591
openssh-server-4.3p2-72.el5_6.4.ppc.rpm SHA-256: 629e34a94447eeba8ed5b997f727219eb36b01a173322edeec3f497369242315

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6

SRPM
openssh-4.3p2-72.el5_6.4.src.rpm SHA-256: 3913ebcc2b3b387620af70caf4f323302f9749b7b2fe101c299223cd9b3b53e4
x86_64
openssh-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9673d2931a23398d43adca032959e130c5cd3c2de1cd75498593b7ecd95736d5
openssh-askpass-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: f81616456e607267e000eaacb4d9859c0b790f97c8bcf1450297758c9c4af5f4
openssh-clients-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 9c9c0d20d153b9fee8c667c020cdd3d8aa3c29664a3937cb2bb5df54e1462fd0
openssh-server-4.3p2-72.el5_6.4.x86_64.rpm SHA-256: 55ab3d6e07efc05f380b4f702249377a53d4b2b41e373f95696d0553591af6c8
i386
openssh-4.3p2-72.el5_6.4.i386.rpm SHA-256: cc887a690185154ec0d98a7ff1083f3dc801ece599d657d2bc403a9baee3b3ce
openssh-askpass-4.3p2-72.el5_6.4.i386.rpm SHA-256: 86f903b5a429367493375a0aaafe3ab816f9bc8fc36025a44686a9dd94c72395
openssh-clients-4.3p2-72.el5_6.4.i386.rpm SHA-256: 16dee6c021c10a2ed26a08e165b60a5c470e0744c7b69df6495cff79820791a4
openssh-server-4.3p2-72.el5_6.4.i386.rpm SHA-256: c7fc25bc04183d6cd2b715b30e9b2fa78a9df6b6ca1049845619b4a61e71e3e3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.