[El-errata] ELSA-2013-1591 Low: Oracle Linux 6 openssh security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Nov 27 09:51:32 PST 2013


Oracle Linux Security Advisory ELSA-2013-1591

https://rhn.redhat.com/errata/RHSA-2013-1591.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
openssh-5.3p1-94.el6.i686.rpm
openssh-askpass-5.3p1-94.el6.i686.rpm
openssh-clients-5.3p1-94.el6.i686.rpm
openssh-ldap-5.3p1-94.el6.i686.rpm
openssh-server-5.3p1-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

x86_64:
openssh-5.3p1-94.el6.x86_64.rpm
openssh-askpass-5.3p1-94.el6.x86_64.rpm
openssh-clients-5.3p1-94.el6.x86_64.rpm
openssh-ldap-5.3p1-94.el6.x86_64.rpm
openssh-server-5.3p1-94.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/openssh-5.3p1-94.el6.src.rpm



Description of changes:

[5.3p1-94]
- use dracut-fips package to determine if a FIPS module is installed 
(#1001565)

[5.3p1-93]
- use dist tag in suffixes for hmac checksum files (#1001565)

[5.3p1-92]
- use hmac_suffix for ssh{,d} hmac checksums (#1001565)

[5.3p1-91]
- fix NSS keys support (#1004763)

[5.3p1-90]
- change default value of MaxStartups - CVE-2010-5107 - #908707
- add -fips subpackages that contains the FIPS module files (#1001565)

[5.3p1-89]
- don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835)

[5.3p1-88]
- do ssh_gssapi_krb5_storecreds() twice - before and after pam sesssion 
(#974096)

[5.3p1-87]
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to 
SP800-131A (#993577)
- fixed an issue with broken 'ssh -I pkcs11' (#908038)
- abort non-subsystem sessions to forced internal sftp-server (#993509)
- reverted 'store krb5 credentials after a pam session is created (#974096)'

[5.3p1-86]
- Add support for certificate key types for users and hosts (#906872)
- Apply RFC3454 stringprep to banners when possible (#955792)

[5.3p1-85]
- fix chroot logging issue (#872169)
- change the bad key permissions error message (#880575)
- fix a race condition in ssh-agent (#896561)
- backport support for PKCS11 from openssh-5.4p1 (#908038)
- add a KexAlgorithms knob to the client and server configuration (#951704)
- fix parsing logic of ldap.conf file (#954094)
- Add HMAC-SHA2 algorithm support (#969565)
- store krb5 credentials after a pam session is created (#974096)





More information about the El-errata mailing list