Bug 441066 - OpenSSH 5.0p1 was released
OpenSSH 5.0p1 was released
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
rawhide
All Linux
low Severity high
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
http://www.openssh.org/txt/release-5.0
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-05 14:30 EDT by Robert Scheck
Modified: 2008-04-08 02:55 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-08 02:55:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2008-04-05 14:30:05 EDT
Description of problem:
Changes since OpenSSH 4.9 [Security]: CVE-2008-1483: Avoid possible hijacking 
of X11-forwarded connections by refusing to listen on a port unless all address 
families bind successfully.

Version-Release number of selected component (if applicable):
openssh-4.7p1-9

Expected results:
openssh-5.0p1-1 or later... ;-)
Comment 1 Tomas Hoger 2008-04-06 05:28:29 EDT
Robert, as you have noticed, the only change between 4.9 and 5.0 is the patch
that is used in Fedora packages for a while.  See:

https://bugzilla.redhat.com/show_bug.cgi?id=439079#c1

I don't think this should block F9Target.
Comment 2 Robert Scheck 2008-04-06 05:40:38 EDT
If the patch is already in Fedora, you're right.
Comment 3 Tomas Mraz 2008-04-07 09:41:55 EDT
I plan to upgrade to openssh-5.0p1 after F9 is released - we are already past
feature freeze so a few weeks in testing updates seem to me more appropriate.
Comment 4 Tomas Mraz 2008-04-08 02:55:35 EDT
After reviewing the changes I decided to update it in rawhide.

Note You need to log in before you can comment on or make changes to this bug.