Bug 784641

Summary: need openssh 5.8 or higher in F15
Product: [Fedora] Fedora Reporter: brian.broussard
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 15CC: mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssh-5.6p1-35.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-25 08:30:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description brian.broussard 2012-01-25 16:39:30 UTC 
Description of problem:

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0539


Expected results: 

As Fedora 15 in still in support, one would aspect a new openssh release to be placed in a Fedora 15 rpm... it is currently in Fedora 16 & 17 (as is expected). 

I am not stating this as an issue NIST is.... thus I must comply

hopefully it is in the works...

thanks
Comment 1 Petr Lautrbach 2012-02-10 12:20:52 UTC 
Fix from http://www.openssh.com/txt/legacy-cert.adv should be satisfactory.
Comment 2 Fedora Update System 2012-02-14 16:38:25 UTC 
openssh-5.6p1-35.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/openssh-5.6p1-35.fc15
Comment 3 Fedora Update System 2012-02-15 11:30:17 UTC 
Package openssh-5.6p1-35.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.6p1-35.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-1673/openssh-5.6p1-35.fc15
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-02-25 08:30:21 UTC 
openssh-5.6p1-35.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.