Date: | Fri, 22 Aug 2008 13:59:13 -0500 |
Synopsis: Low: openssh security update
Issue date: 2008-08-22
CVE Names: CVE-2007-4752
These packages fix a low severity flaw in the way ssh handles X11
cookies when creating X11 forwarding connections. When ssh was unable to
create an untrusted cookie, ssh used a trusted cookie instead, possibly
allowing the administrative user of an untrusted remote server, or an untrusted
application run on the remote server, to gain unintended access to a user's
local X server. (CVE-2007-4752)
To address concerns about these, and past openssh packages, we have done an
intensive review of the source RPMs of these, and past openssh packages. Our
conclusion is that these, and past packages have NOT been compromised, either
at the source level or at the compiled binary level.
SL 4.x
SRPMS:
openssh-3.9p1-11.el4_7.src.rpm
i386:
openssh-3.9p1-11.el4_7.i386.rpm
openssh-askpass-3.9p1-11.el4_7.i386.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.i386.rpm
openssh-clients-3.9p1-11.el4_7.i386.rpm
openssh-server-3.9p1-11.el4_7.i386.rpm
x86_64:
openssh-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-3.9p1-11.el4_7.x86_64.rpm
openssh-askpass-gnome-3.9p1-11.el4_7.x86_64.rpm
openssh-clients-3.9p1-11.el4_7.x86_64.rpm
openssh-server-3.9p1-11.el4_7.x86_64.rpm
SL 5.x
SRPMS:
openssh-4.3p2-26.el5_2.1.src.rpm
i386:
openssh-4.3p2-26.el5_2.1.i386.rpm
openssh-askpass-4.3p2-26.el5_2.1.i386.rpm
openssh-clients-4.3p2-26.el5_2.1.i386.rpm
openssh-server-4.3p2-26.el5_2.1.i386.rpm
x86_64:
openssh-4.3p2-26.el5_2.1.x86_64.rpm
openssh-askpass-4.3p2-26.el5_2.1.x86_64.rpm
openssh-clients-4.3p2-26.el5_2.1.x86_64.rpm
openssh-server-4.3p2-26.el5_2.1.x86_64.rpm
-Connie Sieh
-Troy Dawson
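
An added check, not part of the original advisory: it reports whether an installed openssh build is at or above the fixed builds listed above for SL 4.x and SL 5.x. The function names and sample inputs are constructed, the version ordering is a simplified form of rpm's comparison (no epoch, `~` or `^`), and it assumes later builds for the same release keep the fix.

```python
import re

# Fixed builds listed in the advisory, keyed by the dist tag in the release.
FIXED = {"el4": ("3.9p1", "11.el4_7"), "el5": ("4.3p2", "26.el5_2.1")}

def rpmvercmp(a, b):
    """Simplified rpm ordering: -1, 0 or 1 (no epoch, '~' or '^' support)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def has_fix(version_release):
    """True/False for SL 4.x and 5.x builds, None if the advisory does not cover it."""
    version, _, release = version_release.rpartition("-")
    dist = re.search(r"\.(el\d+)", release)
    if not version or not dist or dist.group(1) not in FIXED:
        return None
    fixed_version, fixed_release = FIXED[dist.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0

if __name__ == "__main__":
    # Constructed sample values; on a real host take them from
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssh-clients
    for build in ("3.9p1-9.el4", "3.9p1-11.el4_7", "4.3p2-24.el5", "4.3p2-26.el5_2.1"):
        print(build, "fixed" if has_fix(build) else "NOT fixed")
```

The flaw is in the ssh client, so `openssh-clients` is the package to query on hosts that use X11 forwarding.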