Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Red Hat Enterprise Linux 2.1 RHSA-2006:0698-01 Critical: Openssh DoS

red hat
Calendar Grey September 28, 2006
Dist Redhat Esm H88
Urgent Red Hat bulletin enhances openssh to resolve significant vulnerabilities and mitigate multiple threats and concerns.
Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174026 - CVE-2006-0225 local to local copy uses shell expansion twice 208248 - CVE-2003-0386 host based access bypass 208298 - CVE-2006-4924 openssh DoS 208430 - CVE-2006-5051 unsafe GSSAPI signal handler

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: a62d73d72a85cd4f505498620728e2ee openssh-3.1p1-21.src.rpm

i386: c504545a33a373c674f2dd2f2b0d16ef openssh-3.1p1-21.i386.rpm 9c6738a9b658806ab56f972dbe665933 openssh-askpass-3.1p1-21.i386.rpm fd049bc8f612922a0661bd3e435c7c31 openssh-askpass-gnome-3.1p1-21.i386.rpm e4e081840bcaad593b49f0bebdebaab1 openssh-clients-3.1p1-21.i386.rpm 33963303ac6d5e6bd0085c24cce7a442 openssh-server-3.1p1-21.i386.rpm

ia64: b276261699adcb17f416e772b4e9be0c openssh-3.1p1-21.ia64.rpm 0799c0755a5ab6c535d30b8eae4c2f44 openssh-askpass-3.1p1-21.ia64.rpm 0b784feaf17e7f82a5370151b804ab1d openssh-askpass-gnome-3.1p1-21.ia64.rpm 5ee6cbd8bfc153ff3f588e11c825c20c openssh-clients-3.1p1-21.ia64.rpm e1852f54796b77c0a01bcb2f1557868d openssh-server-3.1p1-21.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: a62d73d72a85cd4f505498620728e2ee openssh-3.1p1-21.src.rpm

ia64: b276261699adcb17f416e772b4e9be0c openssh-3.1p1-21.ia64.rpm 0799c0755a5ab6c535d30b8eae4c2f44 openssh-askpass-3.1p1-21.ia64.rpm 0b784feaf17e7f82a5370151b804ab1d openssh-askpass-gnome-3.1p1-21.ia64.rpm 5ee6cbd8bfc153ff3f588e11c825c20c openssh-clients-3.1p1-21.ia64.rpm e1852f54796b77c0a01bcb2f1557868d openssh-server-3.1p1-21.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: a62d73d72a85cd4f505498620728e2ee openssh-3.1p1-21.src.rpm

i386: c504545a33a373c674f2dd2f2b0d16ef openssh-3.1p1-21.i386.rpm 9c6738a9b658806ab56f972dbe665933 openssh-askpass-3.1p1-21.i386.rpm fd049bc8f612922a0661bd3e435c7c31 openssh-askpass-gnome-3.1p1-21.i386.rpm e4e081840bcaad593b49f0bebdebaab1 openssh-clients-3.1p1-21.i386.rpm 33963303ac6d5e6bd0085c24cce7a442 openssh-server-3.1p1-21.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: a62d73d72a85cd4f505498620728e2ee openssh-3.1p1-21.src.rpm

i386: c504545a33a373c674f2dd2f2b0d16ef openssh-3.1p1-21.i386.rpm 9c6738a9b658806ab56f972dbe665933 openssh-askpass-3.1p1-21.i386.rpm fd049bc8f612922a0661bd3e435c7c31 openssh-askpass-gnome-3.1p1-21.i386.rpm e4e081840bcaad593b49f0bebdebaab1 openssh-clients-3.1p1-21.i386.rpm 33963303ac6d5e6bd0085c24cce7a442 openssh-server-3.1p1-21.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2006-4924 https://www.cve.org/CVERecord?id=CVE-2006-0225 https://www.cve.org/CVERecord?id=CVE-2003-0386 https://www.cve.org/CVERecord?id=CVE-2006-5051 https://access.redhat.com/security/updates/classification#important

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2006:0698-01
Issue date: 2006-09-28
Updated on: 2006-09-28
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here