[SECURITY] Fedora Core 5 Update: openssh-4.3p2-4.11.fc5

Tomas Mraz tmraz at redhat.com
Mon Nov 20 16:54:31 UTC 2006

Fedora Update Notification

Product     : Fedora Core 5
Name        : openssh
Version     : 4.3p2
Release     : 4.11.fc5
Summary     : The OpenSSH implementation of SSH protocol versions 1 and 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

Update Information:

Low severity security update.
* Fri Nov 10 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.11
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
- kill all ssh sessions when stop is called in halt or reboot runlevel (#213008)
- remove -TERM option from killproc so we don't race on sshd restart (#213490)
* Mon Oct  2 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.10
- improve gssapi-no-spnego patch (#208102)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
* Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.1
- sync with FC6 version
- build for FC5
* Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-9
- don't report duplicate syslog messages, use correct local time (#189158)
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856) (patch by HP)
* Tue Aug  8 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-8
- drop the pam-session patch from the previous build (#201341)
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
* Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-7
- dropped old ssh obsoletes
- call the pam_session_open/close from the monitor when privsep is
  enabled so it is always called as root (patch by Darren Tucker)
* Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-6
- improve selinux patch (by Jan Kiszka)
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab
  keyboard input (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 4.3p2-5.1
- rebuild
* Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-5
- don't request pseudoterminal allocation if stdin is not tty (#188983)

This update can be downloaded from:

58b7ced28ce83becce673a66c87bb1ffb8f5b850  SRPMS/openssh-4.3p2-4.11.fc5.src.rpm
58b7ced28ce83becce673a66c87bb1ffb8f5b850  noarch/openssh-4.3p2-4.11.fc5.src.rpm
f96f1dd8862835862dc1da573f6d365a7557206d  ppc/openssh-clients-4.3p2-4.11.fc5.ppc.rpm
f43f788ba21cd4d1d9f47f49922c21bd8f9b413b  ppc/openssh-server-4.3p2-4.11.fc5.ppc.rpm
24be5cc4ffd8865a4c0d745812d06a8fe6648346  ppc/debug/openssh-debuginfo-4.3p2-4.11.fc5.ppc.rpm
198e7f4c50dcd236dd342bf2a7a4d6bf4fa63bc8  ppc/openssh-4.3p2-4.11.fc5.ppc.rpm
2724e01c4a8c36337fe8ed313e1eafca7bd1f6a9  ppc/openssh-askpass-4.3p2-4.11.fc5.ppc.rpm
5cb74de90d8667f700a9c3773636ef2a82416311  x86_64/openssh-4.3p2-4.11.fc5.x86_64.rpm
5063a8356d5072a26df40074fd33d9c4d02355ef  x86_64/openssh-clients-4.3p2-4.11.fc5.x86_64.rpm
a1d15f584885babff7999624fd5b6a5118911836  x86_64/openssh-server-4.3p2-4.11.fc5.x86_64.rpm
2dcd53d558af1cafe299d70c2988ae5e844b4619  x86_64/debug/openssh-debuginfo-4.3p2-4.11.fc5.x86_64.rpm
23db8344d3f38035d091845f24b04af10ff553fc  x86_64/openssh-askpass-4.3p2-4.11.fc5.x86_64.rpm
9eb97b6fee2c9e3a19bbe3827568de312bcbe294  i386/openssh-4.3p2-4.11.fc5.i386.rpm
01e6155a3f640367b9bdd2bfb71690d8aa7278aa  i386/openssh-server-4.3p2-4.11.fc5.i386.rpm
dbd74691f39ba7c88d71fea4ecafa24d28f9dda4  i386/openssh-askpass-4.3p2-4.11.fc5.i386.rpm
8e7921de375435cba08af873ea57472df2c8063e  i386/debug/openssh-debuginfo-4.3p2-4.11.fc5.i386.rpm
17f4b7adfbbd29c2668b4c72353df5fa4c50b4f2  i386/openssh-clients-4.3p2-4.11.fc5.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

More information about the package-announce mailing list