Red Hat Bugzilla – Bug 60829
HIGH: Existing users will gain root privileges.
Last modified: 2014-01-21 17:48:02 EST
Description of Problem:
Existing users will gain root privileges.
Version-Release number of selected component (if applicable):
All versions between 2.0 and 3.0.2
Steps to Reproduce:
OpenSSH 3.1 released March 7, 2002.
An errata is in the works for this.
This will be RHSA-2002:043 when it's released.
wanted to say thanks for including the red hat linux 6.X patch in the spec file
for 3.1p1 - saved our asses on some older machines.
/me hugs nalin. ;)
For anyone rebuilding these rpms on 6.X - the included patch will break ssh-1
connection attempts to a machine running 3.1p1 linked to openssl095a.
more information here:
hopefully a patch will be coming soon.
3.1p1 should be rebuilt to include the last patch by Markus Friedl
(http://bugzilla.mindrot.org/showattachment.cgi?attach_id=35) that attempts to
fix problems with openssl 0.9.5a on RHL 6.2. However there still seem to be
some problems even with this patch, so perhaps waiting a couple more days
However once it's fixed, please rebuild it :)
this patch fixes the ssh1 problems for ssh1 and 3des
blowfish is still off.