SCIENTIFIC-LINUX-ERRATA Archives

October 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: openssh on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Thu, 1 Oct 2009 12:00:52 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (33 lines) 
Synopsis:	Moderate: openssh security update

Issue date:	2009-09-30

CVE Names:	CVE-2009-2904



A Red Hat specific patch used in the openssh packages as shipped in Red

Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership

requirements for directories used as arguments for the ChrootDirectory

configuration options. A malicious user that also has or previously had

non-chroot shell access to a system could possibly use this flaw to

escalate their privileges and run commands as any system user.

(CVE-2009-2904)



After installing this update, the OpenSSH server daemon (sshd) will be 

restarted automatically.



SL 5.x



     SRPMS:

openssh-4.3p2-36.el5_4.2.src.rpm

     i386:

openssh-4.3p2-36.el5_4.2.i386.rpm

openssh-askpass-4.3p2-36.el5_4.2.i386.rpm

openssh-clients-4.3p2-36.el5_4.2.i386.rpm

openssh-server-4.3p2-36.el5_4.2.i386.rpm

     x86_64:

openssh-4.3p2-36.el5_4.2.x86_64.rpm

openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm

openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm

openssh-server-4.3p2-36.el5_4.2.x86_64.rpm



-Connie Sieh

-Troy Dawson

ATOM RSS1 RSS2