Synopsis:	Moderate: openssh security update
Issue date:	2009-09-30
CVE Names:	CVE-2009-2904

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

After installing this update, the OpenSSH server daemon (sshd) will be 
restarted automatically.

SL 5.x

     SRPMS:
openssh-4.3p2-36.el5_4.2.src.rpm
     i386:
openssh-4.3p2-36.el5_4.2.i386.rpm
openssh-askpass-4.3p2-36.el5_4.2.i386.rpm
openssh-clients-4.3p2-36.el5_4.2.i386.rpm
openssh-server-4.3p2-36.el5_4.2.i386.rpm
     x86_64:
openssh-4.3p2-36.el5_4.2.x86_64.rpm
openssh-askpass-4.3p2-36.el5_4.2.x86_64.rpm
openssh-clients-4.3p2-36.el5_4.2.x86_64.rpm
openssh-server-4.3p2-36.el5_4.2.x86_64.rpm

-Connie Sieh
-Troy Dawson