Synopsis: Moderate: openssh security update
Issue date: 2009-09-30
CVE Names: CVE-2009-2904
A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration option. A malicious user who also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)
After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
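Added example (not part of this advisory or of the openssh packages): upstream sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by any other user or group. The Python check below audits an already-expanded path (no %h or %u tokens) against that rule; the function names and the trusted_uid parameter are assumptions made for illustration.

```python
import os
import stat
import sys


def check_component(path, st, trusted_uid=0):
    """Return the problems found for one path component, given its stat result."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append(f"{path}: not a directory")
    if st.st_uid != trusted_uid:
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: writable by group or others (mode {mode:04o})")
    return problems


def audit_chroot_path(chroot_dir, trusted_uid=0):
    """Check every component from / down to chroot_dir; an empty list means it passes."""
    parts = [p for p in os.path.abspath(chroot_dir).split(os.sep) if p]
    problems = []
    current = os.sep
    for part in [""] + parts:            # "" makes the first iteration check "/" itself
        current = os.path.join(current, part)
        try:
            st = os.stat(current)        # follows symlinks, so the link target is judged
        except OSError as exc:
            problems.append(f"{current}: cannot stat ({exc.strerror})")
            break
        problems.extend(check_component(current, st, trusted_uid))
    return problems


if __name__ == "__main__":
    # Usage: pass the expanded ChrootDirectory value; defaults to "/" for a quick run.
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    findings = audit_chroot_path(target)
    for line in findings or [f"{target}: all components pass"]:
        print(line)
    sys.exit(1 if findings else 0)
```

Run it against each ChrootDirectory value in sshd_config (including those inside Match blocks) after expanding any tokens for the affected accounts.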
SL 5.x
SRPMS:
openssh-4.3p2-36.el5_4.2.src.rpm
i386:
openssh-4.3p2-36.el5_4.2.i386.rpm
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm
openssh-clients-4.3p2-36.el5_4.2.i386.rpm
openssh-server-4.3p2-36.el5_4.2.i386.rpm
x86_64:
openssh-4.3p2-36.el5_4.2.x86_64.rpm
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm
-Connie Sieh
-Troy Dawson