openssh rpm version greater than 4.3




Hello Team,
 
We ship our own software on top of the CentOS 5.2 OS and install other applications and rpms on top of the rpms available in CentOS 5.2.
 
We are in the process of upgrading to a later version of openssh (the 5.8 version of openssh is already available); however, the latest src.rpm version of openssh available on the CentOS site is still
 
openssh-4.3p2-72.el5_6.3.src.rpm 
 
Which is a 4.3 and not anything in 5.x.
 
The reason we want to do it is that there are many vulnerabilities in older versions of openssh. A few are listed below.

- A signal handler race condition in OpenSSH before Version 4.4 can be exploited to cause a crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-50

- A denial of service vulnerability exists in sshd in OpenSSH before Version 4.4, when using the SSH protocol Version 1, because it does not properly handle duplicate incoming blocks. This can be exploited by a remote attacker to cause sshd to consume a large quantity of CPU resources. (CVE-2006-4924)

- OpenSSH is prone to a plain text recovery attack. The issue is in the SSH protocol specification itself and exists in Secure Shell (SSH) software when used with CBC-mode ciphers.

- OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker to run arbitrary shell commands.

These are only some of the issues and they are fixed in versions 5.2 or later.
 
We work with the openssh src.rpm and we are interested in getting a version 5.2 or greater src.rpm from CentOS. I tried compiling these rpms from the openssh source, but was unsuccessful.
 
Can anyone throw some light on where I can get it or request it, so that it will work with other CentOS rpms?
 
thanks in advance

Thanks

Nagrik
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
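
Each issue listed in the post depends on an sshd feature being enabled (SSH protocol 1, CBC-mode ciphers, X forwarding, GSSAPI authentication), so a host that has to stay on the 4.3 package can at least be checked for those settings. The script below is an added example, not part of the original post or of CentOS or OpenSSH; the keyword-to-issue mapping, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# sshd_config keyword -> (issue named in the post, predicate True for a risky value).
# The mapping is an assumption made for this example.
CHECKS = {
    "protocol": ("DoS when using SSH protocol 1 (CVE-2006-4924)",
                 lambda v: "1" in re.split(r"[,\s]+", v)),
    "ciphers": ("plaintext recovery with CBC-mode ciphers",
                lambda v: any("-cbc" in c for c in v.lower().split(","))),
    "x11forwarding": ("hijack of forwarded X connections",
                      lambda v: v.lower() == "yes"),
    "gssapiauthentication": ("signal handler race when GSSAPI is enabled",
                             lambda v: v.lower() == "yes"),
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section; first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # only the global section is audited
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Map each checked keyword to 'risky', 'ok' or 'unset' (default applies)."""
    settings = parse_sshd_config(text)
    return {key: ("unset" if key not in settings
                  else "risky" if is_risky(settings[key]) else "ok")
            for key, (_issue, is_risky) in CHECKS.items()}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
Protocol 2,1
#Ciphers aes128-ctr
Ciphers aes128-ctr,aes256-ctr,3des-cbc
X11Forwarding yes
"""

if __name__ == "__main__":
    for key, status in audit(SAMPLE).items():
        print(f"{key:22} {status:6} {CHECKS[key][0]}")
```

A keyword reported as `unset` falls back to the compiled-in default of the installed sshd, which has to be checked against that build's `sshd_config` man page.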
