[SECURITY] Fedora Core 5 Update: openssh-4.3p2-4.10

Tomas Mraz tmraz at redhat.com
Tue Oct 3 20:02:52 UTC 2006 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1011
2006-10-03
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : openssh
Version     : 4.3p2
Release     : 4.10
Summary     : The OpenSSH implementation of SSH protocol versions 1 and 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

---------------------------------------------------------------------

* Mon Oct  2 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.10
- improve gssapi-no-spnego patch (#208102)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
* Wed Sep 13 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.1
- sync with FC6 version
- build for FC5
* Wed Aug 23 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-9
- don't report duplicate syslog messages, use correct local time (#189158)
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856) (patch by HP)
* Tue Aug  8 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-8
- drop the pam-session patch from the previous build (#201341)
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
* Thu Jul 20 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-7
- dropped old ssh obsoletes
- call the pam_session_open/close from the monitor when privsep is
  enabled so it is always called as root (patch by Darren Tucker)
* Mon Jul 17 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-6
- improve selinux patch (by Jan Kiszka)
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab
  keyboard input (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 4.3p2-5.1
- rebuild
* Fri Apr 14 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-5
- don't request pseudoterminal allocation if stdin is not tty (#188983)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

5c98cb4b8967a791d881996bf0ae2aa4a25caee6  SRPMS/openssh-4.3p2-4.10.src.rpm
5c98cb4b8967a791d881996bf0ae2aa4a25caee6  noarch/openssh-4.3p2-4.10.src.rpm
9dd5bd31a31253441c4ae1690a56006b80f77497  ppc/openssh-4.3p2-4.10.ppc.rpm
9090617bdbaf5d97e96f92105459dc9587fb9c87  ppc/openssh-askpass-4.3p2-4.10.ppc.rpm
96b96b01e785c3108301cc061fcbb5b0b816641a  ppc/debug/openssh-debuginfo-4.3p2-4.10.ppc.rpm
13178555cc955f76d7e33ad8802e489f9ba34b9f  ppc/openssh-server-4.3p2-4.10.ppc.rpm
6779c64cdc26e9d7e6b073aa75739810e0a9e657  ppc/openssh-clients-4.3p2-4.10.ppc.rpm
083448709bb91ee64c117eac705d102c41fa1516  x86_64/debug/openssh-debuginfo-4.3p2-4.10.x86_64.rpm
24cdf5dcadc284749733c10d21f77013c0935e7d  x86_64/openssh-4.3p2-4.10.x86_64.rpm
68651a636a1a57f125e97b7db55192825871c69b  x86_64/openssh-clients-4.3p2-4.10.x86_64.rpm
e3e0807a6dc3d68005e707a377131143c3e93e9d  x86_64/openssh-askpass-4.3p2-4.10.x86_64.rpm
09e761111e6a465462d6a58adc119eaef4764c0d  x86_64/openssh-server-4.3p2-4.10.x86_64.rpm
adebe36cd65404740ec27850870a9cab5a18fc88  i386/openssh-server-4.3p2-4.10.i386.rpm
e99d523ddc61525fdc4f48b9a32b9228d37cdf5a  i386/openssh-clients-4.3p2-4.10.i386.rpm
9cccefa6356c010ea43d84f69722ef2116976a06  i386/debug/openssh-debuginfo-4.3p2-4.10.i386.rpm
7bc91145f2f8a02e2f9a2d84c842a48475cee6ac  i386/openssh-askpass-4.3p2-4.10.i386.rpm
9aa97dcc4fdccce05543f41d435ec69b9bba921d  i386/openssh-4.3p2-4.10.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the Fedora-package-announce mailing list