ELSA-2007-0540

ELSA-2007-0540 - openssh security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2007-11-19

Description

[4.3p2-24]
- fixed audit log injection problem (CVE-2007-3102) (#248059)

[4.3p2-23]
- document where the nss certificate and token dbs are looked for

[4.3p2-22]
- experimental support for PKCS#11 tokens through libnss3 (#183423)

[4.3p2-21]
- fix an information leak in Kerberos password authentication (CVE-2006-5052)
(#234638)
- correctly setup context when empty level requested (#234951)

[4.3p2-20]
- and always request default level as returned by getseuserbyname (#231695)

[4.3p2-19]
- check requested level context against a context with the same role (#231695)

[4.3p2-18]
- reject connection if requested mls range is not obtained (#229278)

[4.3p2-17]
- allow selecting non-default roles and audit role changes (#227733)

Related CVEs

CVE-2007-3102

CVE-2006-5052

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 5 (i386)	openssh-4.3p2-24.el5.src.rpm	ccbf21f4ef6e41a986514ac1ec84dd5c	ELSA-2016-3531
	openssh-4.3p2-24.el5.i386.rpm	eec321dc41dbb2822df0262bf1fcd526	ELSA-2016-3531
	openssh-askpass-4.3p2-24.el5.i386.rpm	5b39ffe95ac6e1b627a20585255fb2db	ELSA-2016-3531
	openssh-clients-4.3p2-24.el5.i386.rpm	d0016960e29db539f642983197b4492f	ELSA-2016-3531
	openssh-server-4.3p2-24.el5.i386.rpm	fcd9df6ec72682cda0b630766afc0ab4	ELSA-2016-3531
Oracle Linux 5 (x86_64)	openssh-4.3p2-24.el5.src.rpm	ccbf21f4ef6e41a986514ac1ec84dd5c	ELSA-2016-3531
	openssh-4.3p2-24.el5.x86_64.rpm	11db8f407572f0402ed8675c1ae15b03	ELSA-2016-3531
	openssh-askpass-4.3p2-24.el5.x86_64.rpm	7107d27925469eefab29b5d2832147c7	ELSA-2016-3531
	openssh-clients-4.3p2-24.el5.x86_64.rpm	1affccdaf3a3741c70683852bd099093	ELSA-2016-3531
	openssh-server-4.3p2-24.el5.x86_64.rpm	a1d60a23a6b0894c8567cc3034ef08d5	ELSA-2016-3531

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team