- Issued:
- 2011-12-06
- Updated:
- 2011-12-06
RHBA-2011:1551 - openssh bug fix and enhancement update
Synopsis
openssh bug fix and enhancement update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated openssh packages that fix multiple bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
Description
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These packages include the core files necessary for the OpenSSH client and server.
This update fixes the following bugs:
-
Prior to this update, SELinux could prevent users from uploading new files to their home directories in a chrooted Secure File Transfer Protocol (SFTP) environment. This bug has been fixed and users are now able to upload and download files in chrooted environment using SFTP. (BZ#685060)
-
Prior to this update, multiple manual pages contained formatting errors. As a consequence, error messages or warnings could be displayed when viewing these manual pages. The formatting has been corrected and the error messages and warnings are no longer displayed.(BZ#705397, BZ#728459)
-
Previously, when the SSH_USE_STRONG_RNG environment variable was set to 1, openssh read 48 bytes from the /dev/random number generator to generate a seed. This seed was too long and caused long delays on ssh or sshd startup and when connections were received. Now, the SSH_USE_STRONG_RNG variable contains the number of bytes that should be pulled from /dev/random (with a minimum default value of six) and the delays no longer occur. (BZ#708056)
-
Previously, when restarting the dovecot service, ssh could become unresponsive. With this update, the source code is modified and the dovecot service now restarts properly and without hanging. (BZ#714554)
-
Prior to this update, the debuginfo file was missing in the debuginfo package. With this update, the debuginfo file is included in the package and users can now view all debug information. (BZ#729021)
-
Previously, the lastlog command did not show the last login of a user with a big user ID on 32-bit architectures. With this update, the source code is modified so that the last login information is now always recorded. (BZ#731939)
This update also adds the following enhancement:
- With this update, multiple manual pages now describe Internet Protocol version 6 (IPv6) usage. (BZ#695781)
All users of openssh are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- openssh-ldap-5.3p1-70.el6.x86_64.rpm
- openssh-clients-5.3p1-70.el6.ppc64.rpm
- openssh-server-5.3p1-70.el6.s390x.rpm
- openssh-ldap-5.3p1-70.el6.ppc64.rpm
- openssh-debuginfo-5.3p1-70.el6.i686.rpm
- openssh-debuginfo-5.3p1-70.el6.x86_64.rpm
- pam_ssh_agent_auth-0.9-70.el6.i686.rpm
- openssh-clients-5.3p1-70.el6.x86_64.rpm
- pam_ssh_agent_auth-0.9-70.el6.x86_64.rpm
- openssh-askpass-5.3p1-70.el6.ppc64.rpm
- openssh-5.3p1-70.el6.x86_64.rpm
- openssh-clients-5.3p1-70.el6.s390x.rpm
- openssh-server-5.3p1-70.el6.ppc64.rpm
- openssh-askpass-5.3p1-70.el6.s390x.rpm
- openssh-debuginfo-5.3p1-70.el6.s390.rpm
- openssh-ldap-5.3p1-70.el6.i686.rpm
- openssh-askpass-5.3p1-70.el6.x86_64.rpm
- pam_ssh_agent_auth-0.9-70.el6.s390.rpm
- openssh-debuginfo-5.3p1-70.el6.ppc64.rpm
- pam_ssh_agent_auth-0.9-70.el6.ppc64.rpm
- openssh-5.3p1-70.el6.ppc64.rpm
- openssh-ldap-5.3p1-70.el6.s390x.rpm
- openssh-debuginfo-5.3p1-70.el6.s390x.rpm
- openssh-5.3p1-70.el6.i686.rpm
- openssh-clients-5.3p1-70.el6.i686.rpm
- openssh-server-5.3p1-70.el6.i686.rpm
- openssh-5.3p1-70.el6.src.rpm
- openssh-askpass-5.3p1-70.el6.i686.rpm
- openssh-server-5.3p1-70.el6.x86_64.rpm
- openssh-debuginfo-5.3p1-70.el6.ppc.rpm
- pam_ssh_agent_auth-0.9-70.el6.ppc.rpm
- pam_ssh_agent_auth-0.9-70.el6.s390x.rpm
- openssh-5.3p1-70.el6.s390x.rpm
Fixes
- This content is not included.BZ - 685060
- This content is not included.BZ - 695781
- This content is not included.BZ - 705397
- This content is not included.BZ - 708389
- This content is not included.BZ - 714554
- This content is not included.BZ - 728459
- This content is not included.BZ - 729021
- This content is not included.BZ - 731939
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.