1.144. openssh
1.144.1. RHBA-2009:1668: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2009:1668
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
These updated openssh packages fix the following bug:
* when sshd, the SSH daemon, used multiple SFTP channels simultaneously, each SFTP cthannel leaked a UNIX socket. This leak could eventually cause sshd to consume large amounts of system resources. This update fixes the leak by ensuring that every SFTP channel closes the UNIX socket, with the result that using SFTP with multiple simultaneous channels does not cause sshd to monopolize system resources. (BZ#537348)
All users of openssh are advised to upgrade to these updated packages, which resolve this issue.
1.144.2. RHBA-2010:0123: bug fix update
Note
This update has already been released (prior to the GA of this release) as errata RHBA-2010:0123
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
These updated openssh packages fix the following bug:
* in order to comply with the FIPS 140-2 standard, Security Requirements for Cryptographic Modules, RAND_cleanup() function calls were added to places where processes, and their child processes, exited, in both the ssh program and the sshd service. (BZ#561420)
All users of openssh are advised to upgrade to these updated packages, which resolve this issue.
1.144.3. RHSA-2009:1470: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1470
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot shell access to a system could possibly use this flaw to escalate their privileges and run commands as any system user. (CVE-2009-2904)
All OpenSSH users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
1.144.4. RHBA-2010:0193: bug fix update
Updated openssh packages that fix various bugs and add an enhancement are now available.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
These packages address the following bugs:
* When sshd used multiple SFTP channels simultaneously, each SFTP channel leaked a unix socket. This socket leak could have eventually caused the sshd daemon to monopolize system resources. The bug has been fixed with these updated packages by ensuring that there is no socket leak within a subsystem. (BZ#530358)
* If a zero length SSH2 DSA key existed, the ssh init script would hang. This issue has been fixed by allowing the ssh init script to automatically overwrite any zero length keys that exist. The ssh init script now functions as expected, even if a zero length key exists before execution of the script. (BZ#531738)
As well, these updated packages add the following enhancement:
* A call to RAND_cleanup() has been added to ssh and sshd to clean the PRNG status when exiting the program. This enhancement also ensures FIPS-140-2 compliance. (BZ#557164)
All openssh users should upgrade to these updated packages, which resolve these issues.