Issued:
2007-11-15
Updated:
2007-11-15

RHSA-2007:0703 - Security Advisory

Synopsis

Moderate: openssh security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated openssh packages that fix two security issues and various bugs are
now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the way the ssh server wrote account names to the
audit subsystem. An attacker could inject strings containing parts of audit
messages which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

A flaw was found in the way the OpenSSH server processes GSSAPI
authentication requests. When GSSAPI authentication was enabled in OpenSSH
server, a remote attacker may have been able to determine if a username is
valid. (CVE-2006-5052)

The following bugs were also fixed:

  • the ssh daemon did not generate audit messages when an ssh session was
    closed.
  • GSSAPI authentication sometimes failed on clusters using DNS or
    load-balancing.
  • the sftp client and server leaked small amounts of memory in some cases.
  • the sftp client didn't properly exit and return non-zero status in batch
    mode when the destination disk drive was full.
  • when restarting the ssh daemon with the initscript, the ssh daemon was
    sometimes not restarted successfully because the old running ssh daemon was
    not properly killed.
  • with challenge/response authentication enabled, the pam sub-process was
    not terminated if the user authentication timed out.

All users of openssh should upgrade to these updated packages, which
contain patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 234643 - CVE-2006-5052 Kerberos information leak
  • BZ - 240909 - memory leak fixed in RHEL3 but present in RHEL4
  • BZ - 244655 - Trying to restart a hung/frozen sshd daemon doesn't show correct status
  • BZ - 247802 - sftp problem while transferring files to a partition which is 100% full
  • BZ - 248058 - CVE-2007-3102 audit logging of failed logins

CVEs

References

Red Hat Enterprise Linux Server 4

SRPM
openssh-3.9p1-8.RHEL4.24.src.rpm SHA-256: c1aebe5efa256927cba2830f9fdd264be461f7a27b39d9991a3721589e31c10b
x86_64
openssh-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 49420169fe8747339ec69fa33af940cfea633663dae6fed424ef9e63bff1573f
openssh-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 49420169fe8747339ec69fa33af940cfea633663dae6fed424ef9e63bff1573f
openssh-askpass-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: c6fc452047d234b651fe5ccca77e49d89948ef16da896deae1c8075fdd0dd08e
openssh-askpass-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: c6fc452047d234b651fe5ccca77e49d89948ef16da896deae1c8075fdd0dd08e
openssh-askpass-gnome-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 983e44a3c2257f38068b4c1647195e02db91009bb7260fb2efe6537abdbdfbf6
openssh-askpass-gnome-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 983e44a3c2257f38068b4c1647195e02db91009bb7260fb2efe6537abdbdfbf6
openssh-clients-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: f4b024c4d3b525f5bd593bf969dc660e12eaff157c345754bf432965635aa0ec
openssh-clients-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: f4b024c4d3b525f5bd593bf969dc660e12eaff157c345754bf432965635aa0ec
openssh-server-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 65c983cdc0cce28681835c08df40f9236bcfe992c549842e9904b0052e48a477
openssh-server-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 65c983cdc0cce28681835c08df40f9236bcfe992c549842e9904b0052e48a477
ia64
openssh-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 293fe7a8834f5b504cb749c9d4ae2099d0e7308e1b0d35940da36456775acd39
openssh-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 293fe7a8834f5b504cb749c9d4ae2099d0e7308e1b0d35940da36456775acd39
openssh-askpass-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 94fcd5a3fc94b56579d725298432efa59889da026d74bf01a604e36c73cc1a88
openssh-askpass-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 94fcd5a3fc94b56579d725298432efa59889da026d74bf01a604e36c73cc1a88
openssh-askpass-gnome-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7b13b1268b0936b6abb3dea8a474353faaeeff5802597d12d93080bb9bd68a4c
openssh-askpass-gnome-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7b13b1268b0936b6abb3dea8a474353faaeeff5802597d12d93080bb9bd68a4c
openssh-clients-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7459b5abe3c55240d516cd4c751a698760f17896d1cde4a2c6cbfc81ef34c8d3
openssh-clients-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7459b5abe3c55240d516cd4c751a698760f17896d1cde4a2c6cbfc81ef34c8d3
openssh-server-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: ed5b89c491b4fb9c7342a5ded9e7e88c56f805cdc5d26a6c0ec31ab03d4580a7
openssh-server-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: ed5b89c491b4fb9c7342a5ded9e7e88c56f805cdc5d26a6c0ec31ab03d4580a7
i386
openssh-3.9p1-8.RHEL4.24.i386.rpm SHA-256: e6377a515001999bb2bc92250e6b037f8bbb743bc0dfd6826a03ce0a7ff40c81
openssh-3.9p1-8.RHEL4.24.i386.rpm SHA-256: e6377a515001999bb2bc92250e6b037f8bbb743bc0dfd6826a03ce0a7ff40c81
openssh-askpass-3.9p1-8.RHEL4.24.i386.rpm SHA-256: ff793f62759f2ee70b509bd50501ca7427ff5019ede5debf68d1ee7bccad76f5
openssh-askpass-3.9p1-8.RHEL4.24.i386.rpm SHA-256: ff793f62759f2ee70b509bd50501ca7427ff5019ede5debf68d1ee7bccad76f5
openssh-askpass-gnome-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 089c627fb50a67d8b9691577b478927a9438e561f130468b03eaa1b535ccbfc7
openssh-askpass-gnome-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 089c627fb50a67d8b9691577b478927a9438e561f130468b03eaa1b535ccbfc7
openssh-clients-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 1c9f9af7a6ca7cfe799fb449a1ddfb5c42df12acd7655db5f1086dfbb37d1c14
openssh-clients-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 1c9f9af7a6ca7cfe799fb449a1ddfb5c42df12acd7655db5f1086dfbb37d1c14
openssh-server-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 6f9bc6dca98d70f6f79f6c97057ae3ec35378e628deff1ee5b50f00a1164f09e
openssh-server-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 6f9bc6dca98d70f6f79f6c97057ae3ec35378e628deff1ee5b50f00a1164f09e

Red Hat Enterprise Linux Workstation 4

SRPM
openssh-3.9p1-8.RHEL4.24.src.rpm SHA-256: c1aebe5efa256927cba2830f9fdd264be461f7a27b39d9991a3721589e31c10b
x86_64
openssh-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 49420169fe8747339ec69fa33af940cfea633663dae6fed424ef9e63bff1573f
openssh-askpass-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: c6fc452047d234b651fe5ccca77e49d89948ef16da896deae1c8075fdd0dd08e
openssh-askpass-gnome-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 983e44a3c2257f38068b4c1647195e02db91009bb7260fb2efe6537abdbdfbf6
openssh-clients-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: f4b024c4d3b525f5bd593bf969dc660e12eaff157c345754bf432965635aa0ec
openssh-server-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 65c983cdc0cce28681835c08df40f9236bcfe992c549842e9904b0052e48a477
ia64
openssh-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 293fe7a8834f5b504cb749c9d4ae2099d0e7308e1b0d35940da36456775acd39
openssh-askpass-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 94fcd5a3fc94b56579d725298432efa59889da026d74bf01a604e36c73cc1a88
openssh-askpass-gnome-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7b13b1268b0936b6abb3dea8a474353faaeeff5802597d12d93080bb9bd68a4c
openssh-clients-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: 7459b5abe3c55240d516cd4c751a698760f17896d1cde4a2c6cbfc81ef34c8d3
openssh-server-3.9p1-8.RHEL4.24.ia64.rpm SHA-256: ed5b89c491b4fb9c7342a5ded9e7e88c56f805cdc5d26a6c0ec31ab03d4580a7
i386
openssh-3.9p1-8.RHEL4.24.i386.rpm SHA-256: e6377a515001999bb2bc92250e6b037f8bbb743bc0dfd6826a03ce0a7ff40c81
openssh-askpass-3.9p1-8.RHEL4.24.i386.rpm SHA-256: ff793f62759f2ee70b509bd50501ca7427ff5019ede5debf68d1ee7bccad76f5
openssh-askpass-gnome-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 089c627fb50a67d8b9691577b478927a9438e561f130468b03eaa1b535ccbfc7
openssh-clients-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 1c9f9af7a6ca7cfe799fb449a1ddfb5c42df12acd7655db5f1086dfbb37d1c14
openssh-server-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 6f9bc6dca98d70f6f79f6c97057ae3ec35378e628deff1ee5b50f00a1164f09e

Red Hat Enterprise Linux Desktop 4

SRPM
openssh-3.9p1-8.RHEL4.24.src.rpm SHA-256: c1aebe5efa256927cba2830f9fdd264be461f7a27b39d9991a3721589e31c10b
x86_64
openssh-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 49420169fe8747339ec69fa33af940cfea633663dae6fed424ef9e63bff1573f
openssh-askpass-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: c6fc452047d234b651fe5ccca77e49d89948ef16da896deae1c8075fdd0dd08e
openssh-askpass-gnome-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 983e44a3c2257f38068b4c1647195e02db91009bb7260fb2efe6537abdbdfbf6
openssh-clients-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: f4b024c4d3b525f5bd593bf969dc660e12eaff157c345754bf432965635aa0ec
openssh-server-3.9p1-8.RHEL4.24.x86_64.rpm SHA-256: 65c983cdc0cce28681835c08df40f9236bcfe992c549842e9904b0052e48a477
i386
openssh-3.9p1-8.RHEL4.24.i386.rpm SHA-256: e6377a515001999bb2bc92250e6b037f8bbb743bc0dfd6826a03ce0a7ff40c81
openssh-askpass-3.9p1-8.RHEL4.24.i386.rpm SHA-256: ff793f62759f2ee70b509bd50501ca7427ff5019ede5debf68d1ee7bccad76f5
openssh-askpass-gnome-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 089c627fb50a67d8b9691577b478927a9438e561f130468b03eaa1b535ccbfc7
openssh-clients-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 1c9f9af7a6ca7cfe799fb449a1ddfb5c42df12acd7655db5f1086dfbb37d1c14
openssh-server-3.9p1-8.RHEL4.24.i386.rpm SHA-256: 6f9bc6dca98d70f6f79f6c97057ae3ec35378e628deff1ee5b50f00a1164f09e

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
openssh-3.9p1-8.RHEL4.24.src.rpm SHA-256: c1aebe5efa256927cba2830f9fdd264be461f7a27b39d9991a3721589e31c10b
s390x
openssh-3.9p1-8.RHEL4.24.s390x.rpm SHA-256: 4b1ea684174fab7482a095ff239b18cb4c9e136003824bade9838794f5fbaa99
openssh-askpass-3.9p1-8.RHEL4.24.s390x.rpm SHA-256: 00c7d0fedebe037749b8016aa53b985792699a62e280cd5134407bc00ac5dbb1
openssh-askpass-gnome-3.9p1-8.RHEL4.24.s390x.rpm SHA-256: 387443b73852600127d8e84f4f477654181db255df94ee320265dcb15ab2c45c
openssh-clients-3.9p1-8.RHEL4.24.s390x.rpm SHA-256: 56c3f30adbfeb695cdffc01b75ef5964ad9530cd567a9393c487108f1025dd97
openssh-server-3.9p1-8.RHEL4.24.s390x.rpm SHA-256: bacfdc1abc2fd6fee6861d9c31aef2e822b24ff67e382bf2612695c0985089ef
s390
openssh-3.9p1-8.RHEL4.24.s390.rpm SHA-256: bba2b9e07c5b39723d9b5b515587c6b8762723f94c3676759520b5371bd4471d
openssh-askpass-3.9p1-8.RHEL4.24.s390.rpm SHA-256: 8ea5ad69506937780f11ef6228d3f55cc0678ad7583fb8ca91e5f50f7af7156e
openssh-askpass-gnome-3.9p1-8.RHEL4.24.s390.rpm SHA-256: 0947e95da90ba067bc0045e0e3dca27383e2f237b16817dcaa56674446863d6d
openssh-clients-3.9p1-8.RHEL4.24.s390.rpm SHA-256: 6076b9b6bd145d9aaaea36a8b3838734151188fe7c5a0a2fcd8ffe899bcf0aa1
openssh-server-3.9p1-8.RHEL4.24.s390.rpm SHA-256: 1c1e36cdd01ff8490e13f4dfedda580007644675ab292ee2494f197108cd6b13

Red Hat Enterprise Linux for Power, big endian 4

SRPM
openssh-3.9p1-8.RHEL4.24.src.rpm SHA-256: c1aebe5efa256927cba2830f9fdd264be461f7a27b39d9991a3721589e31c10b
ppc
openssh-3.9p1-8.RHEL4.24.ppc.rpm SHA-256: bb7e821131e0974c35c6bd54132d3c00fc637314b3a598b6321f2b080c3ea9d1
openssh-askpass-3.9p1-8.RHEL4.24.ppc.rpm SHA-256: e2915f64bf474c061a0db5d6eb43109cd9b32ac84023ef2af4212be9dbe6ed5f
openssh-askpass-gnome-3.9p1-8.RHEL4.24.ppc.rpm SHA-256: 28e8488a0d33d6e5aea77bad5d90c8433c79020b364fcf1aa7d6ac27020d994e
openssh-clients-3.9p1-8.RHEL4.24.ppc.rpm SHA-256: abc9d81f72507d938a8e2c700a79cdf25a0e04b7d411534815347e82cc48d714
openssh-server-3.9p1-8.RHEL4.24.ppc.rpm SHA-256: ef3271bc499f783abb01f5617fed7f16e5915b8c3888586241dfb97908f0f4d0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.