Description
ELSA-2007-0540: openssh security and bug fix update (MODERATE)
[4.3p2-24]
- fixed audit log injection problem (CVE-2007-3102) (#248059)
[4.3p2-23]
- document where the nss certificate and token dbs are looked for
[4.3p2-22]
- experimental support for PKCS#11 tokens through libnss3 (#183423)
[4.3p2-21]
- fix an information leak in Kerberos password authentication (CVE-2006-5052) (#234638)
- correctly setup context when empty level requested (#234951)
[4.3p2-20]
- and always request default level as returned by getseuserbyname (#231695)
[4.3p2-19]
- check requested level context against a context with the same role (#231695)
[4.3p2-18]
- reject connection if requested mls range is not obtained (#229278)
[4.3p2-17]
- allow selecting non-default roles and audit role changes (#227733)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
openssh          4.3p2-24.el5
openssh-askpass  4.3p2-24.el5
openssh-clients  4.3p2-24.el5
openssh-server   4.3p2-24.el5
Oracle Linux i386
openssh          4.3p2-24.el5
openssh-askpass  4.3p2-24.el5
openssh-clients  4.3p2-24.el5
openssh-server   4.3p2-24.el5
Related CVEs
Related vulnerabilities
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."