Bug 613627 - the patch for distribution authozed keys should be updated
the patch for distribution authozed keys should be updated
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssh (Show other bugs)
All Linux
high Severity high
: rc
: ---
Assigned To: Tomas Mraz
Miroslav Vadkerti
Depends On:
  Show dependency treegraph
Reported: 2010-07-12 09:07 EDT by Jan F. Chadima
Modified: 2010-11-10 16:17 EST (History)
4 users (show)

See Also:
Fixed In Version: openssh-5.3p1-19.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-11-10 16:17:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan F. Chadima 2010-07-12 09:07:42 EDT
Description of problem:
the patch enabling distribution of the aythorized keys should be updated to be compatible with the upstream version.
Comment 1 Tomas Mraz 2010-07-12 09:19:45 EDT
The patch as is currently included in RHEL-6 openssh package has some minor security weaknessess - not vulnerabilities per se but the administrator might create insecure configurations with it.
Comment 6 Miroslav Vadkerti 2010-08-12 06:17:40 EDT
VERIFIED as fixed in openssh-5.3p1-19.el6

NEW PACKAGE - openssh-5.3p1-19.el6
:: [   PASS   ] :: File '/etc/ssh/sshd_config' should contain 'AuthorizedKeysCommand'
:: [   PASS   ] :: File '/etc/ssh/sshd_config' should contain 'AuthorizedKeysCommandRunAs'
:: [   PASS   ] :: RESULT: Test

OLD PACKAGE - openssh-5.3p1-18.el6
:: [   FAIL   ] :: File '/etc/ssh/sshd_config' should contain 'AuthorizedKeysCommand' 
:: [   FAIL   ] :: File '/etc/ssh/sshd_config' should contain 'AuthorizedKeysCommandRunAs' 
:: [   FAIL   ] :: RESULT: Test
Comment 7 releng-rhel@redhat.com 2010-11-10 16:17:06 EST
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.

Note You need to log in before you can comment on or make changes to this bug.