ELSA-2015-0425

ULN >
Oracle Linux Errata repository >
ELSA-2015-0425

ELSA-2015-0425 - openssh security, bug fix and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2015-03-09

Description

[6.6.1p1-11 + 0.9.3-9]
- fix direction in CRYPTO_SESSION audit message (#1171248)

[6.6.1p1-10 + 0.9.3-9]
- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278
(#1169843)

[6.6.1p1-9 + 0.9.3-9]
- log via monitor in chroots without /dev/log (#1083482)

[6.6.1p1-8 + 0.9.3-9]
- increase size of AUDIT_LOG_SIZE to 256 (#1171163)
- record pfs= field in CRYPTO_SESSION audit event (#1171248)

[6.6.1p1-7 + 0.9.3-9]
- fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)

[6.6.1p1-6 + 0.9.3-9]
- correct the calculation of bytes for authctxt->krb5_ccname (#1161073)

[6.6.1p1-5 + 0.9.3-9]
- change audit trail for unknown users (#1158521)

[6.6.1p1-4 + 0.9.3-9]
- revert the default of KerberosUseKuserok back to yes
- fix kuserok patch which checked for the existence of .k5login unconditionally
and hence prevented other mechanisms to be used properly

[6.6.1p1-3 + 0.9.3-9]
- fix parsing empty options in sshd_conf
- ignore SIGXFSZ in postauth monitor

[6.6.1p1-2 + 0.9.3-9]
- slightly change systemd units logic - use sshd-keygen.service (#1066615)
- log when a client requests an interactive session and only sftp is allowed (#1130198)
- sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode (#1143867)

[6.6.1p1-1 + 0.9.3-9]
- new upstream release (#1059667)
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
- make /etc/ssh/moduli file public (#1134448)
- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service
- don't clean up gssapi credentials by default (#1134447)
- ssh-agent - try CLOCK_BOOTTIME with fallback (#1134449)
- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
- add support for ED25519 keys to sshd-keygen and sshd.sysconfig
- standardise on NI_MAXHOST for gethostname() string lengths (#1097665)
- set a client's address right after a connection is set (mindrot#2257) (#912792)
- apply RFC3454 stringprep to banners when possible (mindrot#2058) (#1104662)
- don't consider a partial success as a failure (mindrot#2270) (#1112972)

Related CVEs

CVE-2014-2653

CVE-2014-9278

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	openssh-6.6.1p1-11.el7.src.rpm	101626d1e4582f6b26cbffc6c3f4cf7b0831e7c818779bd7c28270df33df72a9	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-6.6.1p1-11.el7.src.rpm	101626d1e4582f6b26cbffc6c3f4cf7b0831e7c818779bd7c28270df33df72a9	ELSA-2024-12233	ol7_x86_64_optional_archive
	openssh-6.6.1p1-11.el7.src.rpm	101626d1e4582f6b26cbffc6c3f4cf7b0831e7c818779bd7c28270df33df72a9	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-6.6.1p1-11.el7.x86_64.rpm	7a64e50a56282d4a0f53dbe855a7d5e1e5eacb22fde18900fbb20b34ec488037	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-6.6.1p1-11.el7.x86_64.rpm	7a64e50a56282d4a0f53dbe855a7d5e1e5eacb22fde18900fbb20b34ec488037	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-askpass-6.6.1p1-11.el7.x86_64.rpm	23ffb98a99b8339f748f3a30fa4335095ad9afbbf7a969e5493c5d3e2565873a	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-askpass-6.6.1p1-11.el7.x86_64.rpm	23ffb98a99b8339f748f3a30fa4335095ad9afbbf7a969e5493c5d3e2565873a	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-clients-6.6.1p1-11.el7.x86_64.rpm	84f4fd30c49adbf920a0ac48edd7f546b32dab7c6f469f562e59c8acafe7e924	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-clients-6.6.1p1-11.el7.x86_64.rpm	84f4fd30c49adbf920a0ac48edd7f546b32dab7c6f469f562e59c8acafe7e924	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-keycat-6.6.1p1-11.el7.x86_64.rpm	3bc374d33ab02ae9d0e6d6a18407bef5f60c403165da760e5d53209c90c09c0c	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-keycat-6.6.1p1-11.el7.x86_64.rpm	3bc374d33ab02ae9d0e6d6a18407bef5f60c403165da760e5d53209c90c09c0c	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-ldap-6.6.1p1-11.el7.x86_64.rpm	4aa070a9385d89f0794de1b88b3478639bb7625f24bd42459df1bfc4e55f0866	ELSA-2024-12233	ol7_x86_64_optional_archive
	openssh-server-6.6.1p1-11.el7.x86_64.rpm	35dfef0ace2436fbe4f2da9682599efdd56906056195cfa0cff6044a0116b149	ELSA-2024-12233	ol7_x86_64_latest_archive
	openssh-server-6.6.1p1-11.el7.x86_64.rpm	35dfef0ace2436fbe4f2da9682599efdd56906056195cfa0cff6044a0116b149	ELSA-2024-12233	ol7_x86_64_u1_base
	openssh-server-sysvinit-6.6.1p1-11.el7.x86_64.rpm	e6ddfbe4dde2a9b6d45ce9f4235b8e953d5925cb9a073c31ee1c81c4b9dc6f03	ELSA-2024-12233	ol7_x86_64_optional_archive
	pam_ssh_agent_auth-0.9.3-9.11.el7.i686.rpm	e7022573ae3802dc39afde9a72784e1130dacc8373cd8c647820148d5fbf2d62	ELSA-2024-12233	ol7_x86_64_optional_archive
	pam_ssh_agent_auth-0.9.3-9.11.el7.x86_64.rpm	2277752dd6513b07d7e4d1725cbc001a75e7d15db1941e2227bb8c09971f3290	ELSA-2024-12233	ol7_x86_64_optional_archive

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691