Red Hat Bugzilla – Bug 28134
Upgrade to openssh-2.3.0 must be published as security fix
Last modified: 2008-05-01 11:37:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.75 [en] (X11; U; Linux 2.2.16-22smp i686)
A security hole in openssh 2.2, as shipped with RedHat 7, has been published. It can be fixed by upgrading to 2.3, which is available from redhat.com, but this version is not yet included in the version 7.0 security patch list.
Steps to Reproduce:
See security advisory. The hole depends on Protocol 1 being enabled, which it is by
http://www.openssh.com/security.html also points out the need to upgrade.
We're looking at using 2.5.1p1 (or p2, if available) as a security fix.
2.5.2p2 has been released as a security errata, superseding 2.3.0p1.