FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 03-26-2010, 10:25 PM
Michał Piotrowski
 
Default CVE-2009-2904 - not patched F11 openssh?

Hi,

Vulnerability described in CVE-2009-2904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was
addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for
RHEL. Isn't F11 openssh version also vulnerable?

Regards,
Michal
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-27-2010, 12:17 PM
Steve Grubb
 
Default CVE-2009-2904 - not patched F11 openssh?

On Friday 26 March 2010 07:25:53 pm Michał Piotrowski wrote:
> Vulnerability described in CVE-2009-2904
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was
> addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for
> RHEL. Isn't F11 openssh version also vulnerable?

RHEL5 uses version 4.3. The CVE was caused by a flaw in a patch that backported
a feature from 4.8 to 4.3. Fedora 11 is on 5.2, so it should not be
vulnerable.

-Steve
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-27-2010, 07:09 PM
Steve Grubb
 
Default CVE-2009-2904 - not patched F11 openssh?

On Saturday 27 March 2010 09:17:55 am Steve Grubb wrote:
> On Friday 26 March 2010 07:25:53 pm Michał Piotrowski wrote:
> > Vulnerability described in CVE-2009-2904
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was
> > addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for
> > RHEL. Isn't F11 openssh version also vulnerable?
>
> RHEL5 uses version 4.3. The CVE was caused by a flaw in a patch that
> backported a feature from 4.8 to 4.3. Fedora 11 is on 5.2, so it should
> not be vulnerable.

More research...looks like this took care of it:

* Mon Sep 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-6
- remove homechroot patch

So if you are on 5.2p1-6, you should be OK.

-Steve
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-27-2010, 07:17 PM
Michał Piotrowski
 
Default CVE-2009-2904 - not patched F11 openssh?

2010/3/27 Steve Grubb <sgrubb@redhat.com>:
> On Saturday 27 March 2010 09:17:55 am Steve Grubb wrote:
>> On Friday 26 March 2010 07:25:53 pm Michał Piotrowski wrote:
>> > Vulnerability described in CVE-2009-2904
>> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904 was
>> > addressed in https://rhn.redhat.com/errata/RHSA-2009-1470.html for
>> > RHEL. Isn't F11 openssh version also vulnerable?
>>
>> RHEL5 uses version 4.3. The CVE was caused by a flaw in a patch that
>> backported a feature from 4.8 to 4.3. Fedora 11 is on 5.2, so it should
>> not be vulnerable.
>
> More research...looks like this took care of it:
>
> * Mon Sep 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-6
> - remove homechroot patch
>
> So if you are on 5.2p1-6, you should be OK.
>

This upgrade should be pushed to updates-testing and updates

yum --enablerepo=updates-testing upgrade openssh
[..]
openssh x86_64 5.2p1-5.fc11 updates-testing 265 k

Regards,
Michal
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-28-2010, 01:21 AM
Steve Grubb
 
Default CVE-2009-2904 - not patched F11 openssh?

On Saturday 27 March 2010 04:17:13 pm Michał Piotrowski wrote:
> > So if you are on 5.2p1-6, you should be OK.
>
> This upgrade should be pushed to updates-testing and updates
>
> yum --enablerepo=updates-testing upgrade openssh
> [..]
> openssh x86_64 5.2p1-5.fc11 updates-testing
> 265 k

I'll see that this is pushed out as soon as we can. In the meantime, you can
grab it here:

http://koji.fedoraproject.org/koji/buildinfo?buildID=132898

-Steve
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 03-28-2010, 11:29 AM
Michał Piotrowski
 
Default CVE-2009-2904 - not patched F11 openssh?

W dniu 28 marca 2010 04:21 użytkownik Steve Grubb <sgrubb@redhat.com> napisał:
> On Saturday 27 March 2010 04:17:13 pm Michał Piotrowski wrote:
>> > So if you are on 5.2p1-6, you should be OK.
>>
>> This upgrade should be pushed to updates-testing and updates
>>
>> yum --enablerepo=updates-testing upgrade openssh
>> [..]
>> *openssh * * * * * * *x86_64 * * *5.2p1-5.fc11 * * * updates-testing
>> 265 k
>
> I'll see that this is pushed out as soon as we can.

Ok, thanks!

> In the meantime, you can
> grab it here:
>
> http://koji.fedoraproject.org/koji/buildinfo?buildID=132898
>
> -Steve
>
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 05:13 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org