Bug 32580

Summary: Need openssh 2.5.2p1 !!
Product: [Retired] Red Hat Linux Reporter: Chris Evans <chris>
Component: opensshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dr, pbrown
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-03-21 23:08:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Evans 2001-03-21 23:08:45 UTC 
Currently in Rawhide I see
openssh-2.5.1p1-7.src.rpm
.
Bzzt - still contains vulnerabilities relating to traffic analysis.
See Solar's advisory:
http://www.securityfocus.com/archive/1/169840
.
Some of the fixes made it into 2.5.1, but NOT ALL!
Please ship 2.5.2 with RH7.1. Note that 2.5.2 is also claimed
to fix some incompatibilities 2.5.1 introduced.
Comment 1 Preston Brown 2001-03-21 23:24:26 UTC 
we akready have 2.5.2p1 in our tree.
Comment 2 Chris Evans 2001-03-22 01:23:49 UTC 
Excellent! I'm not lazy, I _did_ check - must be a victim
of lag between your internal tree and beta.redhat.com :-)
Comment 3 Daniel Roesen 2001-03-22 17:09:39 UTC 
Hm, is this perhaps serious enough to justify a general OpenSSH errata update to
2.5.2p1?