Technical Description

Fedora has released updated packages to address a vulnerability identified in OpenSSH. This flaw could be exploited in combination with other vulnerabilities to weaken the authentication process. For additional information, see : VUPEN/ADV-2006-4399

Affected Products

Fedora Core 5
Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

58b7ced28ce83becce673a66c87bb1ffb8f5b850 SRPMS/openssh-4.3p2-4.11.fc5.src.rpm
58b7ced28ce83becce673a66c87bb1ffb8f5b850 noarch/openssh-4.3p2-4.11.fc5.src.rpm
f96f1dd8862835862dc1da573f6d365a7557206d ppc/openssh-clients-4.3p2-4.11.fc5.ppc.rpm
f43f788ba21cd4d1d9f47f49922c21bd8f9b413b ppc/openssh-server-4.3p2-4.11.fc5.ppc.rpm
24be5cc4ffd8865a4c0d745812d06a8fe6648346 ppc/debug/openssh-debuginfo-4.3p2-4.11.fc5.ppc.rpm
198e7f4c50dcd236dd342bf2a7a4d6bf4fa63bc8 ppc/openssh-4.3p2-4.11.fc5.ppc.rpm
2724e01c4a8c36337fe8ed313e1eafca7bd1f6a9 ppc/openssh-askpass-4.3p2-4.11.fc5.ppc.rpm
5cb74de90d8667f700a9c3773636ef2a82416311 x86_64/openssh-4.3p2-4.11.fc5.x86_64.rpm
5063a8356d5072a26df40074fd33d9c4d02355ef x86_64/openssh-clients-4.3p2-4.11.fc5.x86_64.rpm
a1d15f584885babff7999624fd5b6a5118911836 x86_64/openssh-server-4.3p2-4.11.fc5.x86_64.rpm
2dcd53d558af1cafe299d70c2988ae5e844b4619 x86_64/debug/openssh-debuginfo-4.3p2-4.11.fc5.x86_64.rpm
23db8344d3f38035d091845f24b04af10ff553fc x86_64/openssh-askpass-4.3p2-4.11.fc5.x86_64.rpm
9eb97b6fee2c9e3a19bbe3827568de312bcbe294 i386/openssh-4.3p2-4.11.fc5.i386.rpm
01e6155a3f640367b9bdd2bfb71690d8aa7278aa i386/openssh-server-4.3p2-4.11.fc5.i386.rpm
dbd74691f39ba7c88d71fea4ecafa24d28f9dda4 i386/openssh-askpass-4.3p2-4.11.fc5.i386.rpm
8e7921de375435cba08af873ea57472df2c8063e i386/debug/openssh-debuginfo-4.3p2-4.11.fc5.i386.rpm
17f4b7adfbbd29c2668b4c72353df5fa4c50b4f2 i386/openssh-clients-4.3p2-4.11.fc5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

dbe81cb6bf333400dacd4ca24bf4a56402b1a2e2 SRPMS/openssh-4.3p2-10.0.fc6.src.rpm
dbe81cb6bf333400dacd4ca24bf4a56402b1a2e2 noarch/openssh-4.3p2-10.0.fc6.src.rpm
4e4a4811bb11d2629d7472f4fce6db07e5fd7c6a ppc/openssh-clients-4.3p2-10.0.fc6.ppc.rpm
97e114ffcb0f9c4690f9ed10fe60b9cf0600cec2 ppc/debug/openssh-debuginfo-4.3p2-10.0.fc6.ppc.rpm
f4796622044a73e2c493d75a162cb105bd5313c0 ppc/openssh-server-4.3p2-10.0.fc6.ppc.rpm
26157757475ef96523e6629714a1f188461b82ac ppc/openssh-4.3p2-10.0.fc6.ppc.rpm
6860400122bc01d2c240ccf3fe088cebc27fc3b9 ppc/openssh-askpass-4.3p2-10.0.fc6.ppc.rpm
43f979282c0cd680a5c88904d5fa82aa7331af70 x86_64/openssh-askpass-4.3p2-10.0.fc6.x86_64.rpm
ea8acc90dcb289bcd00a8f8c9154f037973f10d6 x86_64/debug/openssh-debuginfo-4.3p2-10.0.fc6.x86_64.rpm
0ec2022cbb577ad3684cbbe96ee60447246b261e x86_64/openssh-4.3p2-10.0.fc6.x86_64.rpm
f2a24eedc57ac3ef386e6a888bed0df5205c2d43 x86_64/openssh-clients-4.3p2-10.0.fc6.x86_64.rpm
e72a537ee4d522af6bea99d14e66f8e5707d85e6 x86_64/openssh-server-4.3p2-10.0.fc6.x86_64.rpm
51b88ebd0670475639a9abc11a6e2950b5bd7561 i386/openssh-clients-4.3p2-10.0.fc6.i386.rpm
eb9e72060be3ad59e604e3173ee35156e78ce0bb i386/openssh-askpass-4.3p2-10.0.fc6.i386.rpm
78f933a6009f864674e402d768dd9fe5771c09ba i386/openssh-4.3p2-10.0.fc6.i386.rpm
f852358136f4968e0c97404ce2464b32174ee8b7 i386/openssh-server-4.3p2-10.0.fc6.i386.rpm
26ca4f1122df23902bcd23599f05103c97b30529 i386/debug/openssh-debuginfo-4.3p2-10.0.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2006/4648
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00150.html
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00153.html

ChangeLog

2006-11-22 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.