Date:         Fri, 22 Aug 2008 13:59:13 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for openssh on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Low: openssh security update
Issue date:	2008-08-22
CVE Names:	CVE-2007-4752

These packages fix a low severity flaw in the way ssh handles X11
cookies when creating X11 forwarding connections.  When ssh was unable to
create untrusted cookie, ssh used a trusted cookie instead, possibly
allowing the administrative user of a untrusted remote server, or untrusted
application run on the remote server, to gain unintended access to a userslocal X server. (CVE-2007-4752)

To address concerns about these, and past openssh packages, we have done an 
intensive review of the source rpm's of these, and past openssh packages.  Our 
conclusion is that these, and past packages have NOT been compromised.  Either 
at the source level, or the compiled binary level.

SL 4.x

     SRPMS:
openssh-3.9p1-11.el4_7.src.rpm
     i386:
openssh-3.9p1-11.el4_7.i386.rpm
openssh-askpass-3.9p1-11.el4_7.i386.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm
openssh-clients-3.9p1-11.el4_7.i386.rpm
openssh-server-3.9p1-11.el4_7.i386.rpm
     x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm
openssh-clients-3.9p1-11.el4_7.x86_64.rpm
openssh-server-3.9p1-11.el4_7.x86_64.rpm

SL 5.x

     SRPMS:
openssh-4.3p2-26.el5_2.1.src.rpm
     i386:
openssh-4.3p2-26.el5_2.1.i386.rpm
openssh-askpass-4.3p2-26.el5_2.1.i386.rpm
openssh-clients-4.3p2-26.el5_2.1.i386.rpm
openssh-server-4.3p2-26.el5_2.1.i386.rpm
     x86_64:
openssh-4.3p2-26.el5_2.1.x86_64.rpm
openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm
openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm
openssh-server-4.3p2-26.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson