MDVSA-2013:022

Nome do pacote

openssh

Data

2013-03-13

ID Alerta

MDVSA-2013:022

Versões afetadas

MES5 i586 , MES5 x86_64

Descrição do problema

Multiple vulnerabilities has been found and corrected in openssh:

The auth_parse_options function in auth-options.c in sshd in OpenSSH
before 5.7 provides debug messages containing authorized_keys command
options, which allows remote authenticated users to obtain potentially
sensitive information by reading these messages, as demonstrated by
the shared user account required by Gitolite. NOTE: this can cross
privilege boundaries because a user account may intentionally have no
shell or filesystem access, and therefore may have no supported way to
read an authorized_keys file in its own home directory (CVE-2012-0814).

The default configuration of OpenSSH through 6.1 enforces a fixed
time limit between establishing a TCP connection and completing a
login, which makes it easier for remote attackers to cause a denial
of service (connection-slot exhaustion) by periodically making many
new TCP connections (CVE-2010-5107).

The updated packages have been patched to correct these issues.

Pacotes atualizados

MES5 i586

 d4dc59e94c2f0f4ca4ed3d29c05afd9d  mes5/i586/openssh-5.1p1-2.3mdvmes5.2.i586.rpm
 6bb053a5d82451594d433c0059c5f7a7  mes5/i586/openssh-askpass-5.1p1-2.3mdvmes5.2.i586.rpm
 cc26585ed65704d2fa6c0bcb102953c7  mes5/i586/openssh-askpass-common-5.1p1-2.3mdvmes5.2.i586.rpm
 06ded6e5614c7a188a676550934e98bb  mes5/i586/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.i586.rpm
 860932e1a599ec68a150879b9c9abe52  mes5/i586/openssh-clients-5.1p1-2.3mdvmes5.2.i586.rpm
 fe26afea6473e680a45979a904bb7e3d  mes5/i586/openssh-server-5.1p1-2.3mdvmes5.2.i586.rpm 
 baa4beb7bfb76b7706166e7870ddd210  mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm

MES5 x86_64

 1c43725b46c279b7295c16e0fb9f43bf  mes5/x86_64/openssh-5.1p1-2.3mdvmes5.2.x86_64.rpm
 d0231e13471148dfed86f75c4f99a2d0  mes5/x86_64/openssh-askpass-5.1p1-2.3mdvmes5.2.x86_64.rpm
 2c06080b369ab13a9c95df47336aeb13  mes5/x86_64/openssh-askpass-common-5.1p1-2.3mdvmes5.2.x86_64.rpm
 9fc99fb86e43c00139329787c7b3829d  mes5/x86_64/openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.x86_64.rpm
 63621dfc8b9c4bf731711af418ea5c5f  mes5/x86_64/openssh-clients-5.1p1-2.3mdvmes5.2.x86_64.rpm
 ea5653a3e6d790ce02f11fbcd722801d  mes5/x86_64/openssh-server-5.1p1-2.3mdvmes5.2.x86_64.rpm 
 baa4beb7bfb76b7706166e7870ddd210  mes5/SRPMS/openssh-5.1p1-2.3mdvmes5.2.src.rpm

Referências

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107