Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2009:1470 - Security Advisory
Issued:
2009-09-30
Updated:
2009-09-30

RHSA-2009:1470 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openssh security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openssh packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 522141 - CVE-2009-2904 openssh: possible privilege escalation when using ChrootDirectory setting

CVEs

  • CVE-2009-2904

References

  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
x86_64
openssh-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: db11aef11c9c8680af7a5401b712b90ea724a0eef0237bf1790ab957ae221285
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4479ed9de216fef0609245385fd02526389b8ded065ae3ab9284a8f46a90c2cc
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4e41cb567e1a17988abeb96434be053fcb9c5dbe1baec1b2528c89602ab02154
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4eb8ac05eb388be5f7160a27b0b52581836b50ba5d54ef53fbdb467ea7b689b1
ia64
openssh-4.3p2-36.el5_4.2.ia64.rpm SHA-256: 009486b5d60f8f77c8d4df7f5c02fcd8b5d87f7e47cf17347ce642db7bb81051
openssh-askpass-4.3p2-36.el5_4.2.ia64.rpm SHA-256: 2cdfd8f60798079e5c1ae997c6747268609310f218a549b4a74531d50a38c8b0
openssh-clients-4.3p2-36.el5_4.2.ia64.rpm SHA-256: e5f8180bf5c0f804a854fe12c289cd2a354ce8ec8b80030e1797cd3df72650a3
openssh-server-4.3p2-36.el5_4.2.ia64.rpm SHA-256: d45cff6fe1a6398fbd117869e7a88d29ca204e02303a02dcc828d93bc7e8e881
i386
openssh-4.3p2-36.el5_4.2.i386.rpm SHA-256: 0cad3a050bd6976617070cf6fbf546e7a476618fc9df4dd57b114c0b00b82116
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm SHA-256: ade4d4d7438f801edfc584c77cae431d58629a8e65989dff3fec0eb9a0c67adc
openssh-clients-4.3p2-36.el5_4.2.i386.rpm SHA-256: f7bba90c1be3f7d8fb62b2fde66557af70a75e7e42f55df7c8b31945a8f6acbc
openssh-server-4.3p2-36.el5_4.2.i386.rpm SHA-256: 2c46a28d60ca7b0239e18eaeeb1d6becd847e89de4b655853659d727b4dae410

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
x86_64
openssh-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: db11aef11c9c8680af7a5401b712b90ea724a0eef0237bf1790ab957ae221285
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4479ed9de216fef0609245385fd02526389b8ded065ae3ab9284a8f46a90c2cc
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4e41cb567e1a17988abeb96434be053fcb9c5dbe1baec1b2528c89602ab02154
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4eb8ac05eb388be5f7160a27b0b52581836b50ba5d54ef53fbdb467ea7b689b1
i386
openssh-4.3p2-36.el5_4.2.i386.rpm SHA-256: 0cad3a050bd6976617070cf6fbf546e7a476618fc9df4dd57b114c0b00b82116
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm SHA-256: ade4d4d7438f801edfc584c77cae431d58629a8e65989dff3fec0eb9a0c67adc
openssh-clients-4.3p2-36.el5_4.2.i386.rpm SHA-256: f7bba90c1be3f7d8fb62b2fde66557af70a75e7e42f55df7c8b31945a8f6acbc
openssh-server-4.3p2-36.el5_4.2.i386.rpm SHA-256: 2c46a28d60ca7b0239e18eaeeb1d6becd847e89de4b655853659d727b4dae410

Red Hat Enterprise Linux Desktop 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
x86_64
openssh-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: db11aef11c9c8680af7a5401b712b90ea724a0eef0237bf1790ab957ae221285
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4479ed9de216fef0609245385fd02526389b8ded065ae3ab9284a8f46a90c2cc
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4e41cb567e1a17988abeb96434be053fcb9c5dbe1baec1b2528c89602ab02154
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4eb8ac05eb388be5f7160a27b0b52581836b50ba5d54ef53fbdb467ea7b689b1
i386
openssh-4.3p2-36.el5_4.2.i386.rpm SHA-256: 0cad3a050bd6976617070cf6fbf546e7a476618fc9df4dd57b114c0b00b82116
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm SHA-256: ade4d4d7438f801edfc584c77cae431d58629a8e65989dff3fec0eb9a0c67adc
openssh-clients-4.3p2-36.el5_4.2.i386.rpm SHA-256: f7bba90c1be3f7d8fb62b2fde66557af70a75e7e42f55df7c8b31945a8f6acbc
openssh-server-4.3p2-36.el5_4.2.i386.rpm SHA-256: 2c46a28d60ca7b0239e18eaeeb1d6becd847e89de4b655853659d727b4dae410

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
s390x
openssh-4.3p2-36.el5_4.2.s390x.rpm SHA-256: 16603a7045e84cead418b152241282bddae16c3edfbd264f79aa20889831c793
openssh-askpass-4.3p2-36.el5_4.2.s390x.rpm SHA-256: b0e42d8fa74822e807e1406f96db5ce9b9fe08930eb733a4b665e43c69c1330c
openssh-clients-4.3p2-36.el5_4.2.s390x.rpm SHA-256: dda9419a8f697348e9eaa118e14112e2eb6cfd1d191a8bbc01f659557c2922f7
openssh-server-4.3p2-36.el5_4.2.s390x.rpm SHA-256: 58a290288abb9bbea04bec05c09fdb563166654b918b7e72bf2679941765ed9b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
ppc
openssh-4.3p2-36.el5_4.2.ppc.rpm SHA-256: 96bc0cf8aa5dfe5f2c39815e82e3c551d414fc9e6f78cbcb5682312e6f3bbbff
openssh-askpass-4.3p2-36.el5_4.2.ppc.rpm SHA-256: 544c138b8834cd889a920962243ec2790797b5aae83c48cc61ca9fbec9518511
openssh-clients-4.3p2-36.el5_4.2.ppc.rpm SHA-256: 18d87eb8d6cb7bee8c09d82ab24ca49462086f9072a5bad436622b27e09889cd
openssh-server-4.3p2-36.el5_4.2.ppc.rpm SHA-256: 877058bab8211da7599b04045a896dd1c216eaec3162fe81fb586d242c1c82bb

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openssh-4.3p2-36.el5_4.2.src.rpm SHA-256: adf779ff515428f5566fcee27cf7d7ed2ec2eb58d2d6603775901d53defcfcc9
x86_64
openssh-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: db11aef11c9c8680af7a5401b712b90ea724a0eef0237bf1790ab957ae221285
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4479ed9de216fef0609245385fd02526389b8ded065ae3ab9284a8f46a90c2cc
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4e41cb567e1a17988abeb96434be053fcb9c5dbe1baec1b2528c89602ab02154
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm SHA-256: 4eb8ac05eb388be5f7160a27b0b52581836b50ba5d54ef53fbdb467ea7b689b1
i386
openssh-4.3p2-36.el5_4.2.i386.rpm SHA-256: 0cad3a050bd6976617070cf6fbf546e7a476618fc9df4dd57b114c0b00b82116
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm SHA-256: ade4d4d7438f801edfc584c77cae431d58629a8e65989dff3fec0eb9a0c67adc
openssh-clients-4.3p2-36.el5_4.2.i386.rpm SHA-256: f7bba90c1be3f7d8fb62b2fde66557af70a75e7e42f55df7c8b31945a8f6acbc
openssh-server-4.3p2-36.el5_4.2.i386.rpm SHA-256: 2c46a28d60ca7b0239e18eaeeb1d6becd847e89de4b655853659d727b4dae410

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter