[El-errata] ELSA-2015-2088 Moderate: Oracle Linux 7 openssh security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Nov 23 18:53:18 PST 2015


Oracle Linux Security Advisory ELSA-2015-2088

http://linux.oracle.com/errata/ELSA-2015-2088.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
openssh-6.6.1p1-22.el7.x86_64.rpm
openssh-askpass-6.6.1p1-22.el7.x86_64.rpm
openssh-clients-6.6.1p1-22.el7.x86_64.rpm
openssh-keycat-6.6.1p1-22.el7.x86_64.rpm
openssh-ldap-6.6.1p1-22.el7.x86_64.rpm
openssh-server-6.6.1p1-22.el7.x86_64.rpm
openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm
pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/openssh-6.6.1p1-22.el7.src.rpm



Description of changes:

[6.6.1p1-22]
- Use the correct constant for glob limits (#1160377)

[6.6.1p1-21]
- Extend memory limit for remote glob in sftp acc. to stat limit (#1160377)

[6.6.1p1-20]
- Fix vulnerabilities published with openssh-7.0 (#1265807)
  - Privilege separation weakness related to PAM support
  - Use-after-free bug related to PAM support

[6.6.1p1-19]
- Increase limit of files for glob match in sftp to 8192 (#1160377)

[6.6.1p1-18]
- Add GSSAPIKexAlgorithms option for server and client application 
(#1253062)

[6.6.1p1-17]
- Security fixes released with openssh-6.9 (CVE-2015-5352) (#1247864)
  - XSECURITY restrictions bypass under certain conditions in ssh(1) 
(#1238231)
  - weakness of agent locking (ssh-add -x) to password guessing (#1238238)

[6.6.1p1-16]
- only query each keyboard-interactive device once (CVE-2015-5600) 
(#1245971)

[6.6.1p1-15]
- One more typo in manual page documenting TERM variable (#1162683)
- Fix race condition with auditing messages answers (#1240613)

[6.6.1p1-14]
- Fix ldif schema to have correct spacing on newlines (#1184938)
- Add missing values for sshd test mode (#1187597)
- ssh-copy-id: tcsh doesnt work with multiline strings (#1201758)
- Fix memory problems with newkeys and array transfers (#1223218)
- Enhance AllowGroups documentation in man page (#1150007)

[6.6.1p1-13]
- Increase limit of files for glob match in sftp (#1160377)
- Add pam_reauthorize.so to /etc/pam.d/sshd (#1204233)
- Show all config values in sshd test mode (#1187597)
- Document required selinux boolean for working ssh-ldap-helper (#1178116)
- Consistent usage of pam_namespace in sshd (#1125110)
- Fix auditing when using combination of ForcedCommand and PTY (#1199112)
- Add sftp option to force mode of created files (#1197989)
- Ability to specify an arbitrary LDAP filter in ldap.conf for 
ssh-ldap-helper (#1201753)
- Provide documentation line for systemd service and socket (#1181591)
- Provide LDIF version of LPK schema (#1184938)
- Document TERM environment variable (#1162683)
- Fix ssh-copy-id on non-sh remote shells (#1201758)
- Do not read RSA1 hostkeys for HostBased authentication in FIPS (#1197666)






More information about the El-errata mailing list