Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-1591 Low: Oracle Linux 6 openssh security, bug fix, and enhancement update
Newsgroups: gmane.linux.oracle.el-errata
Date: Wednesday 27th November 2013 17:51:32 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-1591

https://rhn.redhat.com/errata/RHSA-2013-1591.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
openssh-5.3p1-94.el6.i686.rpm
openssh-askpass-5.3p1-94.el6.i686.rpm
openssh-clients-5.3p1-94.el6.i686.rpm
openssh-ldap-5.3p1-94.el6.i686.rpm
openssh-server-5.3p1-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/openssh-5.3p1-94.el6.src.rpm



Description of changes:

[5.3p1-94]
- use dracut-fips package to determine if a FIPS module is installed 
(#1001565)

[5.3p1-93]
- use dist tag in suffixes for hmac checksum files (#1001565)

[5.3p1-92]
- use hmac_suffix for ssh{,d} hmac checksums (#1001565)

[5.3p1-91]
- fix NSS keys support (#1004763)

[5.3p1-90]
- change default value of MaxStartups - CVE-2010-5107 - #908707
- add -fips subpackages that contains the FIPS module files (#1001565)

[5.3p1-89]
- don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835)

[5.3p1-88]
- do ssh_gssapi_krb5_storecreds() twice - before and after pam sesssion 
(#974096)

[5.3p1-87]
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to 
SP800-131A (#993577)
- fixed an issue with broken 'ssh -I pkcs11' (#908038)
- abort non-subsystem sessions to forced internal sftp-server (#993509)
- reverted 'store krb5 credentials after a pam session is created
(#974096)'

[5.3p1-86]
- Add support for certificate key types for users and hosts (#906872)
- Apply RFC3454 stringprep to banners when possible (#955792)

[5.3p1-85]
- fix chroot logging issue (#872169)
- change the bad key permissions error message (#880575)
- fix a race condition in ssh-agent (#896561)
- backport support for PKCS11 from openssh-5.4p1 (#908038)
- add a KexAlgorithms knob to the client and server configuration (#951704)
- fix parsing logic of ldap.conf file (#954094)
- Add HMAC-SHA2 algorithm support (#969565)
- store krb5 credentials after a pam session is created (#974096)
 
CD: 3ms