Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2009:1287 - Security Advisory
Issued:
2009-09-02
Updated:
2009-09-02

RHSA-2009:1287 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: openssh security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssh packages that fix a security issue, a bug, and add
enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the SSH protocol. An attacker able to perform a
man-in-the-middle attack may be able to obtain a portion of plain text from
an arbitrary ciphertext block when a CBC mode cipher was used to encrypt
SSH communication. This update helps mitigate this attack: OpenSSH clients
and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server
now reads SSH packets up to their full possible length when corruption is
detected, rather than reporting errors early, reducing the possibility of
successful plain text recovery. (CVE-2008-5161)

This update also fixes the following bug:

  • the ssh client hung when trying to close a session in which a background

process still held tty file descriptors open. With this update, this
so-called "hang on exit" error no longer occurs and the ssh client closes
the session immediately. (BZ#454812)

In addition, this update adds the following enhancements:

  • the SFTP server can now chroot users to various directories, including

a user's home directory, after log in. A new configuration option --
ChrootDirectory -- has been added to "/etc/ssh/sshd_config" for setting
this up (the default is not to chroot users). Details regarding configuring
this new option are in the sshd_config(5) manual page. (BZ#440240)

  • the executables which are part of the OpenSSH FIPS module which is being

validated will check their integrity and report their FIPS mode status to
the system log or to the terminal. (BZ#467268, BZ#492363)

All OpenSSH users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues and add these
enhancements. After installing this update, the OpenSSH server daemon
(sshd) will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 440240 - request to add chroot sftp capabilty into openssh-server
  • BZ - 472068 - CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers

CVEs

  • CVE-2008-5161

References

  • http://www.redhat.com/security/updates/classification/#low
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
x86_64
openssh-4.3p2-36.el5.x86_64.rpm SHA-256: edc0ee357fc27933402578b4751c4e9ee314e1d90c7c13e1c26fb77232ad29e2
openssh-askpass-4.3p2-36.el5.x86_64.rpm SHA-256: 386732f265e0e7c2f71c34eb9c76ee89ed3cdd004b4a954039bf530102dfc9bb
openssh-clients-4.3p2-36.el5.x86_64.rpm SHA-256: 78965d87bf38cf35b0ed73e0939c49f9bd326b0d37e85e2cb6902c44cc6d080a
openssh-server-4.3p2-36.el5.x86_64.rpm SHA-256: 7c3618a01b12b1236c42372262b9b3560fe9b645832a394722079ee566ac528c
ia64
openssh-4.3p2-36.el5.ia64.rpm SHA-256: 3a9a95e8066d3026b9b631fbb38d430afb1d9744391011e0d6e7d6c0624a3471
openssh-askpass-4.3p2-36.el5.ia64.rpm SHA-256: be4b077343d980624e23d2e816e65381740136dff3792f6d0122480be17ab7bd
openssh-clients-4.3p2-36.el5.ia64.rpm SHA-256: bdbb24a5d36efdc103fc28fd69350176472466568883a912524f6b3cb4c6db84
openssh-server-4.3p2-36.el5.ia64.rpm SHA-256: ca8dbbc0532899acb8123ca889cb85651b411ecc27a658b2ca0aaeb09103fb60
i386
openssh-4.3p2-36.el5.i386.rpm SHA-256: c5f7f3ae4606249f62126d8244a142d9507c6f65962c7590d853f613a306093e
openssh-askpass-4.3p2-36.el5.i386.rpm SHA-256: 3ab862a8fb6b755b5b8b7c949c9403cd5f2c79bdc3a6eb8d1014fa640b08d09f
openssh-clients-4.3p2-36.el5.i386.rpm SHA-256: 153f8442b072f5d7180ca11c38d8e622a42a2055b8d1e675e31e13a8b9e8545f
openssh-server-4.3p2-36.el5.i386.rpm SHA-256: f994b07d41eb6c3ed090b768817cfebffed4a7f6ece9e19a3c3eede2690d49a3

Red Hat Enterprise Linux Workstation 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
x86_64
openssh-4.3p2-36.el5.x86_64.rpm SHA-256: edc0ee357fc27933402578b4751c4e9ee314e1d90c7c13e1c26fb77232ad29e2
openssh-askpass-4.3p2-36.el5.x86_64.rpm SHA-256: 386732f265e0e7c2f71c34eb9c76ee89ed3cdd004b4a954039bf530102dfc9bb
openssh-clients-4.3p2-36.el5.x86_64.rpm SHA-256: 78965d87bf38cf35b0ed73e0939c49f9bd326b0d37e85e2cb6902c44cc6d080a
openssh-server-4.3p2-36.el5.x86_64.rpm SHA-256: 7c3618a01b12b1236c42372262b9b3560fe9b645832a394722079ee566ac528c
i386
openssh-4.3p2-36.el5.i386.rpm SHA-256: c5f7f3ae4606249f62126d8244a142d9507c6f65962c7590d853f613a306093e
openssh-askpass-4.3p2-36.el5.i386.rpm SHA-256: 3ab862a8fb6b755b5b8b7c949c9403cd5f2c79bdc3a6eb8d1014fa640b08d09f
openssh-clients-4.3p2-36.el5.i386.rpm SHA-256: 153f8442b072f5d7180ca11c38d8e622a42a2055b8d1e675e31e13a8b9e8545f
openssh-server-4.3p2-36.el5.i386.rpm SHA-256: f994b07d41eb6c3ed090b768817cfebffed4a7f6ece9e19a3c3eede2690d49a3

Red Hat Enterprise Linux Desktop 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
x86_64
openssh-4.3p2-36.el5.x86_64.rpm SHA-256: edc0ee357fc27933402578b4751c4e9ee314e1d90c7c13e1c26fb77232ad29e2
openssh-askpass-4.3p2-36.el5.x86_64.rpm SHA-256: 386732f265e0e7c2f71c34eb9c76ee89ed3cdd004b4a954039bf530102dfc9bb
openssh-clients-4.3p2-36.el5.x86_64.rpm SHA-256: 78965d87bf38cf35b0ed73e0939c49f9bd326b0d37e85e2cb6902c44cc6d080a
openssh-server-4.3p2-36.el5.x86_64.rpm SHA-256: 7c3618a01b12b1236c42372262b9b3560fe9b645832a394722079ee566ac528c
i386
openssh-4.3p2-36.el5.i386.rpm SHA-256: c5f7f3ae4606249f62126d8244a142d9507c6f65962c7590d853f613a306093e
openssh-askpass-4.3p2-36.el5.i386.rpm SHA-256: 3ab862a8fb6b755b5b8b7c949c9403cd5f2c79bdc3a6eb8d1014fa640b08d09f
openssh-clients-4.3p2-36.el5.i386.rpm SHA-256: 153f8442b072f5d7180ca11c38d8e622a42a2055b8d1e675e31e13a8b9e8545f
openssh-server-4.3p2-36.el5.i386.rpm SHA-256: f994b07d41eb6c3ed090b768817cfebffed4a7f6ece9e19a3c3eede2690d49a3

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
s390x
openssh-4.3p2-36.el5.s390x.rpm SHA-256: 744fb90640c2329dd04cf4b0cc67adae3f9e3af123318194f69c2be68b97cc4d
openssh-askpass-4.3p2-36.el5.s390x.rpm SHA-256: 4c4bb7837cd6c9c6ec6fef0e38015a421e27ec7a6124f056c08350a731d3c493
openssh-clients-4.3p2-36.el5.s390x.rpm SHA-256: d6440a9f4e3626e5aa017dc34685fb89e97f619b7c755ce02e9f569af48e1f71
openssh-server-4.3p2-36.el5.s390x.rpm SHA-256: a935216f15fd5e8148dd6a26787dcb70a1acfee3f3bbe73f730fde103d873d81

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
ppc
openssh-4.3p2-36.el5.ppc.rpm SHA-256: 00bd7ff9c9c1134a24d27172aeb33e13218c42aeea9fcf636f6829bc79a8c3ee
openssh-askpass-4.3p2-36.el5.ppc.rpm SHA-256: e2f9c30aa6f3e32e01bc97e3a81f5c0ddf606f541f54335acb735add38611922
openssh-clients-4.3p2-36.el5.ppc.rpm SHA-256: f0d936833203e43be899bb6961a570fe02e0cc3851b2ed55310177255bce8b5d
openssh-server-4.3p2-36.el5.ppc.rpm SHA-256: 4c9c5d03c9f424140ae0f19acdf1d08a9f71e9cd19ec5d5333fbb118351d6917

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssh-4.3p2-36.el5.src.rpm SHA-256: 0e130a2b5ce96f5e8339b7b403df7a7ed7a60270889453a89b9b2c6591de60b9
x86_64
openssh-4.3p2-36.el5.x86_64.rpm SHA-256: edc0ee357fc27933402578b4751c4e9ee314e1d90c7c13e1c26fb77232ad29e2
openssh-askpass-4.3p2-36.el5.x86_64.rpm SHA-256: 386732f265e0e7c2f71c34eb9c76ee89ed3cdd004b4a954039bf530102dfc9bb
openssh-clients-4.3p2-36.el5.x86_64.rpm SHA-256: 78965d87bf38cf35b0ed73e0939c49f9bd326b0d37e85e2cb6902c44cc6d080a
openssh-server-4.3p2-36.el5.x86_64.rpm SHA-256: 7c3618a01b12b1236c42372262b9b3560fe9b645832a394722079ee566ac528c
i386
openssh-4.3p2-36.el5.i386.rpm SHA-256: c5f7f3ae4606249f62126d8244a142d9507c6f65962c7590d853f613a306093e
openssh-askpass-4.3p2-36.el5.i386.rpm SHA-256: 3ab862a8fb6b755b5b8b7c949c9403cd5f2c79bdc3a6eb8d1014fa640b08d09f
openssh-clients-4.3p2-36.el5.i386.rpm SHA-256: 153f8442b072f5d7180ca11c38d8e622a42a2055b8d1e675e31e13a8b9e8545f
openssh-server-4.3p2-36.el5.i386.rpm SHA-256: f994b07d41eb6c3ed090b768817cfebffed4a7f6ece9e19a3c3eede2690d49a3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter