Red Hat Bugzilla – Full Text Bug Listing
|Summary:||need openssh 5.8 or higher in F15|
|Component:||openssh||Assignee:||Petr Lautrbach <plautrba>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||15||CC:||mattias.ellert, mgrepl, plautrba, tmraz|
|Fixed In Version:||openssh-5.6p1-35.fc15||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-02-25 03:30:21 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description brian.broussard 2012-01-25 11:39:30 EST
Description of problem: The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0539 Expected results: As Fedora 15 in still in support, one would aspect a new openssh release to be placed in a Fedora 15 rpm... it is currently in Fedora 16 & 17 (as is expected). I am not stating this as an issue NIST is.... thus I must comply hopefully it is in the works... thanks
Comment 1 Petr Lautrbach 2012-02-10 07:20:52 EST
Fix from http://www.openssh.com/txt/legacy-cert.adv should be satisfactory.
Comment 2 Fedora Update System 2012-02-14 11:38:25 EST
openssh-5.6p1-35.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/openssh-5.6p1-35.fc15
Comment 3 Fedora Update System 2012-02-15 06:30:17 EST
Package openssh-5.6p1-35.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-35.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-1673/openssh-5.6p1-35.fc15 then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-02-25 03:30:21 EST
openssh-5.6p1-35.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.