[linux-sparc-announce] LFSSA-2016-0030 Linux for SPARC 1.0 openssh security update
Announcements for Linux for SPARC
linux-sparc-announce at oss.oracle.com
Tue Mar 22 11:33:34 PDT 2016
Linux for SPARC Security Advisory LFSSA-2016-0030
The following updated rpms for Linux for SPARC 1.0 have been uploaded to
the yum.oracle.com:
sparc64:
openssh-5.3p1-114.el6_7.sparc64.rpm
openssh-askpass-5.3p1-114.el6_7.sparc64.rpm
openssh-clients-5.3p1-114.el6_7.sparc64.rpm
openssh-ldap-5.3p1-114.el6_7.sparc64.rpm
openssh-server-5.3p1-114.el6_7.sparc64.rpm
pam_ssh_agent_auth-0.9.3-114.el6_7.sparc64.rpm
SRPMS:
http://yum.oracle.com/repo/linux_sparc64/latest/openssh-5.3p1-114.el6_7.src.rpm
Description of changes:
[5.3p1-114]
- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in
KbdInteractiveDevices (#1245969)
[5.3p1-113]
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816)
[5.3p1-112]
- SSH2_MSG_DISCONNECT for user initiated disconnect follow RFC 4253
(#1222500)
[5.3p1-111]
- Add missing dot in ssh manual page (#1197763)
[5.3p1-110]
- Fix minor problems found by covscan/gcc (#1196063)
- Add missing options in man ssh (#1197763)
- Add KbdInteractiveAuthentication documentation to man sshd_config
(#1109251)
- Correct freeing newkeys structure when privileged monitor exits (#1208584)
[5.3p1-109]
- Fix problems with failing persistent connections (#1131585)
- Fix memory leaks in auditing patch (#1208584)
[5.3p1-108]
- Better approach to logging sftp commands in chroot
[5.3p1-107]
- Make sshd -T write all config options and add missing Cipher, MAC to
man (#1109251)
[5.3p1-106]
- Add missing ControlPersist option to man ssh (#1197763)
- Add sftp option to force mode of created files (#1191055)
- Do not load RSA1 keys in FIPS mode (#1197072)
- Add missing support for ECDSA in ssh-keyscan (#1196331)
- Fix coverity/gcc issues (#1196063)
- Backport wildcard functionality for PermitOpen in sshd_config file
(#1159055)
- Ability to specify an arbitrary LDAP filter in ldap.conf (#1119506)
[5.3p1-105]
- Fix ControlPersist option with ProxyCommand (#1160487)
- Backport fix of ssh-keygen with error : gethostname: File name too
long (#1161454)
- Backport show remote address instead of UNKNOWN after timeout at
password prompt (#1161449)
- Fix printing of extensions in v01 certificates (#1093869)
- Fix confusing audit trail for unsuccessful logins (#1127312)
- Don't close fds for internal sftp sessions (#1085710)
- Fix config parsing quotes (backport) (#1134938)
- Enable logging in chroot into separate file (#1172224)
- Fix auditing when using combination of ForcedCommand and PTY (#1131585)
- Fix ssh-copy-id on non-sh remote shells (#1135521)
More information about the linux-sparc-announce
mailing list