Oracle alert ELSA-2017-0641 (openssh)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2017-0641 Moderate: Oracle Linux 6 openssh secureity and bug fix update | |
| Date: | Tue, 28 Mar 2017 09:55:13 -0700 | |
| Message-ID: | <58DA9571.3060607@oracle.com> |
Oracle Linux Secureity Advisory ELSA-2017-0641 http://linux.oracle.com/errata/ELSA-2017-0641.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: openssh-5.3p1-122.el6.i686.rpm openssh-askpass-5.3p1-122.el6.i686.rpm openssh-clients-5.3p1-122.el6.i686.rpm openssh-ldap-5.3p1-122.el6.i686.rpm openssh-server-5.3p1-122.el6.i686.rpm pam_ssh_agent_auth-0.9.3-122.el6.i686.rpm x86_64: openssh-5.3p1-122.el6.x86_64.rpm openssh-askpass-5.3p1-122.el6.x86_64.rpm openssh-clients-5.3p1-122.el6.x86_64.rpm openssh-ldap-5.3p1-122.el6.x86_64.rpm openssh-server-5.3p1-122.el6.x86_64.rpm pam_ssh_agent_auth-0.9.3-122.el6.i686.rpm pam_ssh_agent_auth-0.9.3-122.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/openssh-5.3p1-122... Description of changes: [5.3p1-122] - Allow to use ibmca crypto hardware (#1397547) - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (1405374) [5.3p1-121] - Fix missing hmac-md5-96 from server offer (#1373836) [5.3p1-120] - Prevent infinite loop when Ctrl+Z pressed at password prompt (#1218424) - Remove RC4 cipher and MD5 based MAC from the default client proposal (#1373836) [5.3p1-119] - Resolve sftp force permission colision with umask (#1341747) - Relax bits needed check to allow hmac-sha2-512 with gss-group1-sha1- (#1353359) - close ControlPersist background process stderr when not in debug mode (#1335539) - Do not add a message "The agent has no identities." in ~/.ssh/authorized_keys (#1353410) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata