Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: openssh on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Thursday 28th February 2013 22:16:13 UTC (over 3 years ago)
Synopsis:          Moderate: openssh security, bug fix and enhancement 
update
Issue Date:        2013-02-21
CVE Numbers:       CVE-2012-5536
--

Due to the way the pam_ssh_agent_auth PAM module was built in Scientific 
Linux
6, the glibc's error() function was called rather than the intended error()
function in pam_ssh_agent_auth to report errors. As these two functions 
expect
different arguments, it was possible for an attacker to cause an
application
using pam_ssh_agent_auth to crash, disclose portions of its memory or,
potentially, execute arbitrary code. (CVE-2012-5536)

Note that the pam_ssh_agent_auth module is not used in Scientific Linux 6
by
default.

This update also fixes the following bugs:

* All possible options for the new RequiredAuthentications directive 
were not
documented in the sshd_config man page. This update improves the man page
to
document all the possible options.

* When stopping one instance of the SSH daemon (sshd), the sshd init script
(/etc/rc.d/init.d/sshd) stopped all sshd processes regardless of the PID 
of the
processes. This update improves the init script so that it only kills 
processes
with the relevant PID. As a result, the init script now works more 
reliably in
a multi-instance environment.

* Due to a regression, the ssh-copy-id command returned an exit status 
code of
zero even if there was an error in copying the key to a remote host. 
With this
update, a patch has been applied and ssh-copy-id now returns a non-zero
exit
code if there is an error in copying the SSH certificate to a remote host.

* When SELinux was disabled on the system, no on-disk policy was 
installed, a
user account was used for a connection, and no "~/.ssh" configuration was
present in that user's home directory, the SSH client terminated 
unexpectedly
with a segmentation fault when attempting to connect to another system. 
A patch
has been provided to address this issue and the crashes no longer occur 
in the
described scenario.

* The "HOWTO" document /usr/share/doc/openssh-ldap-5.3p1/HOWTO.ldap-keys
incorrectly documented the use of the AuthorizedKeysCommand directive. This
update corrects the document.

This update also adds the following enhancements:

* When attempting to enable SSH for use with a Common Access Card (CAC),
the
ssh-agent utility read all the certificates in the card even though only 
the ID
certificate was needed. Consequently, if a user entered their PIN 
incorrectly,
then the CAC was locked, as a match for the PIN was attempted against 
all three
certificates. With this update, ssh-add does not try the same PIN for every
certificate if the PIN fails for the first one. As a result, the CAC 
will not
be disabled if a user enters their PIN incorrectly.

* This update adds a "netcat mode" to SSH. The "ssh -W host:port ..." 
command
connects standard input and output (stdio) on a client to a single port on
a
server. As a result, SSH can be used to route connections via intermediate
servers.

* Due to a bug, arguments for the RequiredAuthentications2 directive 
were not
stored in a Match block. Consequently, parsing of the config file was not
in
accordance with the man sshd_config documentation. This update fixes the
bug
and users can now use the required authentication feature to specify a 
list of
authentication methods as expected according to the man page.

After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
--

SL6
   x86_64
     openssh-5.3p1-84.1.el6.x86_64.rpm
     openssh-askpass-5.3p1-84.1.el6.x86_64.rpm
     openssh-clients-5.3p1-84.1.el6.x86_64.rpm
     openssh-debuginfo-5.3p1-84.1.el6.x86_64.rpm
     openssh-server-5.3p1-84.1.el6.x86_64.rpm
     openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
     openssh-ldap-5.3p1-84.1.el6.x86_64.rpm
     pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm
     pam_ssh_agent_auth-0.9.3-84.1.el6.x86_64.rpm
   i386
     openssh-5.3p1-84.1.el6.i686.rpm
     openssh-askpass-5.3p1-84.1.el6.i686.rpm
     openssh-clients-5.3p1-84.1.el6.i686.rpm
     openssh-debuginfo-5.3p1-84.1.el6.i686.rpm
     openssh-server-5.3p1-84.1.el6.i686.rpm
     openssh-ldap-5.3p1-84.1.el6.i686.rpm
     pam_ssh_agent_auth-0.9.3-84.1.el6.i686.rpm

- Scientific Linux Development Team
 
CD: 3ms