Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Red Hat Linux 7: RHSA-2003:222-01 Critical: OpenSSH Information Leak

red hat
Calendar Grey July 29, 2003
Dist Redhat Esm H88
Essential update issued for OpenSSH on CentOS, addressing data breach risks via PAM login processes.
Under certainconditions, OpenSSH versions prior to 3.6.1p1 reject an invalidauthentication attempt without first attempting authentication using PAM.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:


i386:






Red Hat Linux 7.1 for iSeries (64 bit):

SRPMS:


ppc:






Red Hat Linux 7.1 for pSeries (64 bit):

SRPMS:


ppc:






Red Hat Linux 7.2:

SRPMS:


i386:






ia64:






Red Hat Linux 7.3:

SRPMS:


i386:






Red Hat Linux 8.0:

SRPMS:


i386:






Red Hat Linux 9:

SRPMS:


i386:








6. Verification:

MD5 sum Package Name bfbd152a2069230041ff1298b0562061 7.1/en/os/SRPMS/openssh-3.1p1-7.src.rpm 48c37500a4c7984673878edbef7e9cde 7.1/en/os/i386/openssh-3.1p1-7.i386.rpm 3f59bffd703bac24632f4e34e2beed22 7.1/en/os/i386/openssh-askpass-3.1p1-7.i386.rpm def478c5b3f97af908e3cb4d8306662b 7.1/en/os/i386/openssh-askpass-gnome-3.1p1-7.i386.rpm e9947146ea766572cbd9457f320a4f06 7.1/en/os/i386/openssh-clients-3.1p1-7.i386.rpm 879cbb50923935cebf20b39578dc8eed 7.1/en/os/i386/openssh-server-3.1p1-7.i386.rpm bfbd152a2069230041ff1298b0562061 7.1/en/os/iSeries/SRPMS/openssh-3.1p1-7.src.rpm 7c8aa13e79e6c856181852de76c86722 7.1/en/os/iSeries/ppc/openssh-3.1p1-7.ppc.rpm b1a591c23d345fd96f2d0fab2eb958be 7.1/en/os/iSeries/ppc/openssh-askpass-3.1p1-7.ppc.rpm ae6d48792fea701e75b114333babe37c 7.1/en/os/iSeries/ppc/openssh-askpass-gnome-3.1p1-7.ppc.rpm f7ee0ce5cefe22043828863da06ce331 7.1/en/os/iSeries/ppc/openssh-clients-3.1p1-7.ppc.rpm d9f993c8fa47ec3956f5e1e3c6f176d5 7.1/en/os/iSeries/ppc/openssh-server-3.1p1-7.ppc.rpm bfbd152a2069230041ff1298b0562061 7.1/en/os/pSeries/SRPMS/openssh-3.1p1-7.src.rpm 7c8aa13e79e6c856181852de76c86722 7.1/en/os/pSeries/ppc/openssh-3.1p1-7.ppc.rpm b1a591c23d345fd96f2d0fab2eb958be 7.1/en/os/pSeries/ppc/openssh-askpass-3.1p1-7.ppc.rpm ae6d48792fea701e75b114333babe37c 7.1/en/os/pSeries/ppc/openssh-askpass-gnome-3.1p1-7.ppc.rpm f7ee0ce5cefe22043828863da06ce331 7.1/en/os/pSeries/ppc/openssh-clients-3.1p1-7.ppc.rpm d9f993c8fa47ec3956f5e1e3c6f176d5 7.1/en/os/pSeries/ppc/openssh-server-3.1p1-7.ppc.rpm 22f17a835f12a4131a21487d5ee3dec6 7.2/en/os/SRPMS/openssh-3.1p1-8.src.rpm 013694ec0e839f077e7980d9cebfa277 7.2/en/os/i386/openssh-3.1p1-8.i386.rpm a942a051510a5a0aa34b0774d6eb8ee0 7.2/en/os/i386/openssh-askpass-3.1p1-8.i386.rpm de35a67fa21ec478aff57ce5c830f84e 7.2/en/os/i386/openssh-askpass-gnome-3.1p1-8.i386.rpm 8c9d37f46f76093eccea80571d687d46 7.2/en/os/i386/openssh-clients-3.1p1-8.i386.rpm 42ec08d8633862da9c988524fecdafbb 7.2/en/os/i386/openssh-server-3.1p1-8.i386.rpm d9441bbe925832b82766b8140fb4bb77 7.2/en/os/ia64/openssh-3.1p1-8.ia64.rpm 58765b526317e03dcf9371d9b225fa68 7.2/en/os/ia64/openssh-askpass-3.1p1-8.ia64.rpm 46b8de0e5072ff7ee614c7e5dfc536b9 7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-8.ia64.rpm 1e95e8ca735b971bcb1a1824becaa582 7.2/en/os/ia64/openssh-clients-3.1p1-8.ia64.rpm 8ae51f6f0116f60fd29545b4f9560613 7.2/en/os/ia64/openssh-server-3.1p1-8.ia64.rpm 22f17a835f12a4131a21487d5ee3dec6 7.3/en/os/SRPMS/openssh-3.1p1-8.src.rpm 013694ec0e839f077e7980d9cebfa277 7.3/en/os/i386/openssh-3.1p1-8.i386.rpm a942a051510a5a0aa34b0774d6eb8ee0 7.3/en/os/i386/openssh-askpass-3.1p1-8.i386.rpm de35a67fa21ec478aff57ce5c830f84e 7.3/en/os/i386/openssh-askpass-gnome-3.1p1-8.i386.rpm 8c9d37f46f76093eccea80571d687d46 7.3/en/os/i386/openssh-clients-3.1p1-8.i386.rpm 42ec08d8633862da9c988524fecdafbb 7.3/en/os/i386/openssh-server-3.1p1-8.i386.rpm 81ed2140e12f15e4518fc2fe3aef10eb 8.0/en/os/SRPMS/openssh-3.4p1-4.src.rpm d625e5b2eca982b5b92ac0862eae1b73 8.0/en/os/i386/openssh-3.4p1-4.i386.rpm 34e91b60c3b5296c8e5185d5cf832013 8.0/en/os/i386/openssh-askpass-3.4p1-4.i386.rpm 536394cfe9c2b3068580269b346f6c1f 8.0/en/os/i386/openssh-askpass-gnome-3.4p1-4.i386.rpm ce583ee467532c9af9b9482cc90cd375 8.0/en/os/i386/openssh-clients-3.4p1-4.i386.rpm a81ee000ffc59c3f210fb4f08a02f2a7 8.0/en/os/i386/openssh-server-3.4p1-4.i386.rpm 321f50363605e1976cc19b7ceacf6d26 9/en/os/SRPMS/openssh-3.5p1-6.9.src.rpm 71613a13c1e40faa16f9a01fabf0e8b3 9/en/os/i386/openssh-3.5p1-6.9.i386.rpm 7b70f6b671b87385646d382115974724 9/en/os/i386/openssh-askpass-3.5p1-6.9.i386.rpm 9a8d60a683b055feba9855db74467fff 9/en/os/i386/openssh-askpass-gnome-3.5p1-6.9.i386.rpm 5c18b658c8bed7c434d8d9f142a95e7f 9/en/os/i386/openssh-clients-3.5p1-6.9.i386.rpm 3971445a5ee73f5c8b7fdc022b0432e8 9/en/os/i386/openssh-server-3.5p1-6.9.i386.rpm


These packages are GPG signed by Red Hat for security. Our key is available from Product Signing Keys - Red Hat Customer Portal

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum


Summary

References

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2003:222-01
Issue date: 2003-07-29
Updated on: 2003-07-29
Product: Red Hat Linux
Keywords: openssh pam timing information leak
Cross references:
Obsoletes: RHSA-2002:127

Topic

Relevant Releases Architectures

Red Hat Linux 7.1 - i386

Red Hat Linux 7.1 for iSeries (64 bit) - ppc

Red Hat Linux 7.1 for pSeries (64 bit) - ppc

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Red Hat Linux 8.0 - i386

Red Hat Linux 9 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.