Red Hat Product Errata RHSA-2006:0697 - Security Advisory

Issued:: 2006-09-28
Updated:: 2006-09-28

RHSA-2006:0697 - Security Advisory

Overview
Updated Packages

Synopsis

openssh security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssh packages that fix two security flaws are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

Description

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd
server. A remote attacker could possibly leverage this flaw to cause a
denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the
likelihood of successful exploitation leading to arbitrary code execution
appears remote. However, the Red Hat Security Response Team have not yet
been able to verify this claim due to lack of upstream vulnerability
information. We are therefore including a fix for this flaw and have rated
it important security severity in the event our continued investigation
finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service
bug in the OpenSSH sshd server. A remote attacker can send a specially
crafted SSH-1 request to the server causing sshd to consume a large
quantity of CPU resources. (CVE-2006-4924)

All users of openssh should upgrade to these updated packages, which
contain backported patches that resolves these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 207955 - CVE-2006-4924 openssh DoS
BZ - 208347 - CVE-2006-5051 unsafe GSSAPI signal handler

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
openssh-3.9p1-8.RHEL4.17.src.rpm	SHA-256: 05982190669bead9f6ff4672366eaa23ab7c20d3bbb332e852dd70e456c54117
x86_64
openssh-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 19eee6352e1d51fb99dfade3fe5cdd0d3f63630d6a34f43efef043f5f4b277cb
openssh-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 19eee6352e1d51fb99dfade3fe5cdd0d3f63630d6a34f43efef043f5f4b277cb
openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: f302ce75f3729db7fb2d039bbcd16412fad0b6e61d559512015ccc7bd8bff7a1
openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: f302ce75f3729db7fb2d039bbcd16412fad0b6e61d559512015ccc7bd8bff7a1
openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: a6cdc4d063491882c2533b66df2352b573cb7488026bed4799e335ba57cac968
openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: a6cdc4d063491882c2533b66df2352b573cb7488026bed4799e335ba57cac968
openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 524b191ff437185babce6b936d09486765521a44fe78038c3a25af508ee3407e
openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 524b191ff437185babce6b936d09486765521a44fe78038c3a25af508ee3407e
openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: ce709ab1e8fd00b2fe70d865b27d4f2cd8c061bd37be0b71c5e07e337eda2ae9
openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: ce709ab1e8fd00b2fe70d865b27d4f2cd8c061bd37be0b71c5e07e337eda2ae9
ia64
openssh-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7b2b8f0cd03840ac61a91c589b0b12c41cf9a4cb332a4a82fc3306db6bb014df
openssh-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7b2b8f0cd03840ac61a91c589b0b12c41cf9a4cb332a4a82fc3306db6bb014df
openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: ab43e6890d693114a683031f7ca3f497d4f202436c517e28da1ae46ef92ac087
openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: ab43e6890d693114a683031f7ca3f497d4f202436c517e28da1ae46ef92ac087
openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: bf25ec81a8653c99a1807c3af2111e6532a4e49bc70500f0761f658957d2586d
openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: bf25ec81a8653c99a1807c3af2111e6532a4e49bc70500f0761f658957d2586d
openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7887dce187ac2e69f2f5faad7645575de4b32099821ee874688f52597ee230ce
openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7887dce187ac2e69f2f5faad7645575de4b32099821ee874688f52597ee230ce
openssh-server-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: b772596f08c420d097789f1f92c82bceeedcd7cb26248819f84841e60af31a56
openssh-server-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: b772596f08c420d097789f1f92c82bceeedcd7cb26248819f84841e60af31a56
i386
openssh-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: f9122fca5a207c4f7aaa2b191697a78e0d99d47b7c3c2a4a2b21936ca333ab1e
openssh-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: f9122fca5a207c4f7aaa2b191697a78e0d99d47b7c3c2a4a2b21936ca333ab1e
openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 8f17f067d210ae147b570cceb033c089a2fc3b9cd52db7e0b988cab6c60897c6
openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 8f17f067d210ae147b570cceb033c089a2fc3b9cd52db7e0b988cab6c60897c6
openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: c34853c8a9b20042b3e88cc13b832693707a952918760a1f47590c8bc2d406d8
openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: c34853c8a9b20042b3e88cc13b832693707a952918760a1f47590c8bc2d406d8
openssh-clients-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 07a42fb5ec119484f99b9a813490db58caf09dfe002c70c1d65fd67e22b4f4b5
openssh-clients-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 07a42fb5ec119484f99b9a813490db58caf09dfe002c70c1d65fd67e22b4f4b5
openssh-server-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 4e8c3f72b35287f9bff3eeddd2696e099bdc8499583bd131434afab868b729d3
openssh-server-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 4e8c3f72b35287f9bff3eeddd2696e099bdc8499583bd131434afab868b729d3

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
openssh-3.9p1-8.RHEL4.17.src.rpm	SHA-256: 05982190669bead9f6ff4672366eaa23ab7c20d3bbb332e852dd70e456c54117
x86_64
openssh-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 19eee6352e1d51fb99dfade3fe5cdd0d3f63630d6a34f43efef043f5f4b277cb
openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: f302ce75f3729db7fb2d039bbcd16412fad0b6e61d559512015ccc7bd8bff7a1
openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: a6cdc4d063491882c2533b66df2352b573cb7488026bed4799e335ba57cac968
openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 524b191ff437185babce6b936d09486765521a44fe78038c3a25af508ee3407e
openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: ce709ab1e8fd00b2fe70d865b27d4f2cd8c061bd37be0b71c5e07e337eda2ae9
ia64
openssh-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7b2b8f0cd03840ac61a91c589b0b12c41cf9a4cb332a4a82fc3306db6bb014df
openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: ab43e6890d693114a683031f7ca3f497d4f202436c517e28da1ae46ef92ac087
openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: bf25ec81a8653c99a1807c3af2111e6532a4e49bc70500f0761f658957d2586d
openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: 7887dce187ac2e69f2f5faad7645575de4b32099821ee874688f52597ee230ce
openssh-server-3.9p1-8.RHEL4.17.ia64.rpm	SHA-256: b772596f08c420d097789f1f92c82bceeedcd7cb26248819f84841e60af31a56
i386
openssh-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: f9122fca5a207c4f7aaa2b191697a78e0d99d47b7c3c2a4a2b21936ca333ab1e
openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 8f17f067d210ae147b570cceb033c089a2fc3b9cd52db7e0b988cab6c60897c6
openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: c34853c8a9b20042b3e88cc13b832693707a952918760a1f47590c8bc2d406d8
openssh-clients-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 07a42fb5ec119484f99b9a813490db58caf09dfe002c70c1d65fd67e22b4f4b5
openssh-server-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 4e8c3f72b35287f9bff3eeddd2696e099bdc8499583bd131434afab868b729d3

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
openssh-3.9p1-8.RHEL4.17.src.rpm	SHA-256: 05982190669bead9f6ff4672366eaa23ab7c20d3bbb332e852dd70e456c54117
x86_64
openssh-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 19eee6352e1d51fb99dfade3fe5cdd0d3f63630d6a34f43efef043f5f4b277cb
openssh-askpass-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: f302ce75f3729db7fb2d039bbcd16412fad0b6e61d559512015ccc7bd8bff7a1
openssh-askpass-gnome-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: a6cdc4d063491882c2533b66df2352b573cb7488026bed4799e335ba57cac968
openssh-clients-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: 524b191ff437185babce6b936d09486765521a44fe78038c3a25af508ee3407e
openssh-server-3.9p1-8.RHEL4.17.x86_64.rpm	SHA-256: ce709ab1e8fd00b2fe70d865b27d4f2cd8c061bd37be0b71c5e07e337eda2ae9
i386
openssh-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: f9122fca5a207c4f7aaa2b191697a78e0d99d47b7c3c2a4a2b21936ca333ab1e
openssh-askpass-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 8f17f067d210ae147b570cceb033c089a2fc3b9cd52db7e0b988cab6c60897c6
openssh-askpass-gnome-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: c34853c8a9b20042b3e88cc13b832693707a952918760a1f47590c8bc2d406d8
openssh-clients-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 07a42fb5ec119484f99b9a813490db58caf09dfe002c70c1d65fd67e22b4f4b5
openssh-server-3.9p1-8.RHEL4.17.i386.rpm	SHA-256: 4e8c3f72b35287f9bff3eeddd2696e099bdc8499583bd131434afab868b729d3

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
openssh-3.9p1-8.RHEL4.17.src.rpm	SHA-256: 05982190669bead9f6ff4672366eaa23ab7c20d3bbb332e852dd70e456c54117
s390x
openssh-3.9p1-8.RHEL4.17.s390x.rpm	SHA-256: aad95afa818e31b6290f4a864a8b32a5947b4119d65bce973ccb475f8be7aa9d
openssh-askpass-3.9p1-8.RHEL4.17.s390x.rpm	SHA-256: 77c4095dbcd19df72f235c2f10338b6b7941e8c41856fa5466972a279057f5f8
openssh-askpass-gnome-3.9p1-8.RHEL4.17.s390x.rpm	SHA-256: 5ec6ad63100f57d039050a93a525038b50444ca660d2ffdc2d2f306923fb6435
openssh-clients-3.9p1-8.RHEL4.17.s390x.rpm	SHA-256: 5d006bc572b7d0d8e86dff247cb360f865943b67858a546ea496f6823e801023
openssh-server-3.9p1-8.RHEL4.17.s390x.rpm	SHA-256: 36ceb6f523a28995f1547b24459f932058edaea3c1658bf483253993bc62508a
s390
openssh-3.9p1-8.RHEL4.17.s390.rpm	SHA-256: c0c6b76deb4b754cb310abeacdc714d63fd8c2de5a5e2b8559e66d5b2038792c
openssh-askpass-3.9p1-8.RHEL4.17.s390.rpm	SHA-256: 3967cb30c99ed1420e0572ba84aecccf796085d31a476d093e8f45f3d7c57664
openssh-askpass-gnome-3.9p1-8.RHEL4.17.s390.rpm	SHA-256: 988899648c4bad1529d4d40a6be52488d5883b1b385cbf1c56187daf43b6b22b
openssh-clients-3.9p1-8.RHEL4.17.s390.rpm	SHA-256: cb81e8eca89d177004ea8be074ed5957bd75dc8ea37011d9e893549608248d42
openssh-server-3.9p1-8.RHEL4.17.s390.rpm	SHA-256: 5542cfc71aff793bfe006711f0cee082fa7086dd43716ad01ed86e73d18d5e4c

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
openssh-3.9p1-8.RHEL4.17.src.rpm	SHA-256: 05982190669bead9f6ff4672366eaa23ab7c20d3bbb332e852dd70e456c54117
ppc
openssh-3.9p1-8.RHEL4.17.ppc.rpm	SHA-256: 21df104f8d71f549f52eb410227be6cbff93cf7197e2cd0828bb28b866cae6b0
openssh-askpass-3.9p1-8.RHEL4.17.ppc.rpm	SHA-256: 827f50a21e662a737ea27f9029b4ad735b5257f98a253288a75a3f3e118f6000
openssh-askpass-gnome-3.9p1-8.RHEL4.17.ppc.rpm	SHA-256: 08aef999fe519ca218a6e112c1960e3a9d713fc101f1eb7fc451e9e5e34a4a30
openssh-clients-3.9p1-8.RHEL4.17.ppc.rpm	SHA-256: eca2baf61bdfbc84481429c1c640493abdd982000db6c78747eb6144b2f599a5
openssh-server-3.9p1-8.RHEL4.17.ppc.rpm	SHA-256: c95b5210c4f0e9866cff44b76d60acb7423b63276ec871b5cce201703a1a1f15

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories