--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-123014 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123014 2005-06-24 --------------------------------------------------------------------- Name : openssh Versions : rh73: openssh-3.1p1-14.2.legacy Versions : rh9: openssh-3.5p1-11.2.legacy Versions : fc1: openssh-3.6.1p2-19.2.legacy Versions : fc2: openssh-3.6.1p2-34.2.legacy Summary : The OpenSSH implementation of SSH protocol. Description : OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH replaces rlogin and rsh, to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. Public key authentication may be used for "passwordless" access to servers. --------------------------------------------------------------------- Update Information: Updated openssh packages that fix a potential security vulnerability are now available. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH replaces rlogin and rsh, and provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over a secure channel. Public key authentication can be used for "passwordless" access to servers. The scp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses scp to copy files from a malicious server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0175 to this issue. These updated packages also correct the following bug: On systems where direct ssh access for the root user was disabled by configuration (setting "PermitRootLogin no"), attempts to guess the root password could be judged as sucessful or unsucessful by observing a delay. Users of openssh should upgrade to these updated packages, which contain backported patches to resolve these issues. --------------------------------------------------------------------- Changelogs rh73: * Thu Jun 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.1p1-14.2.legacy - Added missing pam-devel and groff to BuildPrereq * Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.1p1-14.1.legacy - CAN-2004-0175 don't allow scp to overwrite files in other directories - don't leak whether root password is right if root isn't allowed rh9: * Fri Jun 24 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.5p1-11.2.legacy - Added missing pam-devel, groff and gtk2-devel BuildPrereq * Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.5p1-11.1.legacy - CAN-2004-0175 don't allow scp to overwrite files in other directories - don't leak whether root password is right if root isn't allowed fc1: * Fri Jun 24 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.6.1p1-19.2.legacy - Added missing pam-devel and groff to BuildPrereq * Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.6.1p1-19.1.legacy - CAN-2004-0175 don't allow scp to overwrite files in other directories - don't leak whether root password is right if root isn't allowed fc2: * Fri Jun 24 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.6.1p2-34.2.legacy - Added missing pam-devel and groff BuildPrereq * Fri Jun 10 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.6.1p2-34.1.legacy - CAN-2004-0175 don't allow scp to overwrite files in other directories - don't leak whether root password is right if root isn't allowed --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: 8bd4e4daf209249160c1d7f170c63b0d0f43bb54 redhat/7.3/updates-testing/i386/openssh-3.1p1-14.2.legacy.i386.rpm d24556ae238b448fe37d0ce1afa032a743b7339b redhat/7.3/updates-testing/i386/openssh-askpass-3.1p1-14.2.legacy.i386.rpm d7034dde021d188bbfff57b9287ea0f8dea162b0 redhat/7.3/updates-testing/i386/openssh-askpass-gnome-3.1p1-14.2.legacy.i386.rpm b24fa1844c81632719b0ee10c5aba27e72b1ef11 redhat/7.3/updates-testing/i386/openssh-clients-3.1p1-14.2.legacy.i386.rpm 7567b5a4c4f49ee9d247b30ae35741d3e0885f59 redhat/7.3/updates-testing/i386/openssh-server-3.1p1-14.2.legacy.i386.rpm 93591a2b6fd1d4be2796be09e108ff301bab9baf redhat/7.3/updates-testing/SRPMS/openssh-3.1p1-14.2.legacy.src.rpm rh9: 35820cc8261fffa5e1bbce4b22abb6075966418a redhat/9/updates-testing/i386/openssh-3.5p1-11.2.legacy.i386.rpm b006d5c937b482b30835d4a5283683f039d2c963 redhat/9/updates-testing/i386/openssh-askpass-3.5p1-11.2.legacy.i386.rpm 75f2303826649634880245fa13935c74bf76b8df redhat/9/updates-testing/i386/openssh-askpass-gnome-3.5p1-11.2.legacy.i386.rpm 598d2940ce65b82de88a7e563b0450752d679d50 redhat/9/updates-testing/i386/openssh-clients-3.5p1-11.2.legacy.i386.rpm d23f5da5bae703ee28a1de84999ce8fb4945ba20 redhat/9/updates-testing/i386/openssh-server-3.5p1-11.2.legacy.i386.rpm 67ac403b9057d01c5bbfc0ac0d7334955086f080 redhat/9/updates-testing/SRPMS/openssh-3.5p1-11.2.legacy.src.rpm fc1: 09ba397b8a3cdee453ab44af50470f392b1a1d9a fedora/1/updates-testing/i386/openssh-3.6.1p2-19.2.legacy.i386.rpm a59fbcbe89778e212b4ccaa397f298ad35291020 fedora/1/updates-testing/i386/openssh-askpass-3.6.1p2-19.2.legacy.i386.rpm d026e18b3d16d4b05d204de3aa1de9cf5e9ae756 fedora/1/updates-testing/i386/openssh-askpass-gnome-3.6.1p2-19.2.legacy.i386.rpm 70ebb446b1cc50bb2e242af4ec04cee53aa71713 fedora/1/updates-testing/i386/openssh-clients-3.6.1p2-19.2.legacy.i386.rpm 1af3ab8e0b843f6bf72c9061f3399ce09f674c98 fedora/1/updates-testing/i386/openssh-server-3.6.1p2-19.2.legacy.i386.rpm cee2cbca4b9fde1534bf76c9cb46d1ddd7a30fc7 fedora/1/updates-testing/SRPMS/openssh-3.6.1p2-19.2.legacy.src.rpm fc2: 42a086b1508853dd44be7d88e562613764c359cb fedora/2/updates-testing/i386/openssh-3.6.1p2-34.2.legacy.i386.rpm f39c8fc529c50d0a67eedb89abb04015970a5ec2 fedora/2/updates-testing/i386/openssh-askpass-3.6.1p2-34.2.legacy.i386.rpm 30c087e45ae7a3c6abcff83d8608d1c8d881458c fedora/2/updates-testing/i386/openssh-askpass-gnome-3.6.1p2-34.2.legacy.i386.rpm 53851fd533168707f6f250d66506dc51769c9348 fedora/2/updates-testing/i386/openssh-clients-3.6.1p2-34.2.legacy.i386.rpm 833ce8cf4f100a2b5b48aa77cb9d67fecba93366 fedora/2/updates-testing/i386/openssh-server-3.6.1p2-34.2.legacy.i386.rpm c7584c616f01c21264e912e77892ebc8bbd8be29 fedora/2/updates-testing/SRPMS/openssh-3.6.1p2-34.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
