Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual page 206

Chapter 1. Package Updates
* in order to comply with the FIPS 140-2 standard, Security Requirements for Cryptographic Modules,
RAND_cleanup() function calls were added to places where processes, and their child processes,
exited, in both the ssh program and the sshd service.
All users of openssh are advised to upgrade to these updated packages, which resolve this issue.
1.144.3. RHSA-2009:1470: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1470
errata
Updated openssh packages that fix a security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the
core files necessary for both the OpenSSH client and server.
A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4
(RHSA-2009:1287) loosened certain ownership requirements for directories used as arguments for
the ChrootDirectory configuration options. A malicious user that also has or previously had non-chroot
shell access to a system could possibly use this flaw to escalate their privileges and run commands as
any system user. (CVE-2009-2904
All OpenSSH users are advised to upgrade to these updated packages, which contain a backported
patch to resolve this issue. After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
1.144.4. RHBA-2010:0193: bug fix update
Updated openssh packages that fix various bugs and add an enhancement are now available.
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the
core files necessary for both the OpenSSH client and server.
These packages address the following bugs:
* When sshd used multiple SFTP channels simultaneously, each SFTP channel leaked a unix socket.
This socket leak could have eventually caused the sshd daemon to monopolize system resources.
The bug has been fixed with these updated packages by ensuring that there is no socket leak within a
subsystem. (BZ#530358
* If a zero length SSH2 DSA key existed, the ssh init script would hang. This issue has been fixed
by allowing the ssh init script to automatically overwrite any zero length keys that exist. The ssh init
script now functions as expected, even if a zero length key exists before execution of the script.
1628
(BZ#531738 )
1624
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561420
1626
https://www.redhat.com/security/data/cve/CVE-2009-2904.html
1627
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=530358
1628
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=531738
196
1625
1626
)
1627
)
1624
(BZ#561420 )