| Summary: | openssh new security issue CVE-2011-5000 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, guillomovitch, mageia, pterjan, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/502711/ | ||
| Whiteboard: | mga1-32-OK, mga1-64-OK | ||
| Source RPM: | openssh-5.8p1-2.mga1.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2012-06-20 21:05:54 CEST
David Walser
2012-06-23 21:34:08 CEST
CC: (none) => guillomovitch

David Walser
2012-06-23 21:34:18 CEST
CC: (none) => mageia

David Walser
2012-06-23 21:34:24 CEST
CC: (none) => pterjan

I've patched the SPEC on mageia 1 and pushed to updates testing.

Please note that we appear not to enable GSSAPI by default in our configs and thus this is likely a lower risk for us than for RedHat.

I didn't look into the other bugs mentioned so if someone wants to take a more holistic look that's fine. I only reacted here due to it being a CVE (albeit a low risk one).

I only have one mga1 box left and it will be upgraded soon once I fix the postgrey issue, so I will test this change in due course.

Posting an advisory now. Will wait to assign to QA until later.

Advisory:
========================

Updated openssh packages fix security vulnerability:

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field (CVE-2011-5000).

Note: only systems on which GSSAPI authentication has been enabled are vulnerable to this flaw, as it is disabled by default in Mageia.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000
https://rhn.redhat.com/errata/RHSA-2012-0884.html
========================

Updated packages in core/updates_testing:
========================
openssh-5.8p1-2.1.mga1
openssh-clients-5.8p1-2.1.mga1
openssh-server-5.8p1-2.1.mga1
openssh-askpass-common-5.8p1-2.1.mga1
openssh-askpass-5.8p1-2.1.mga1
openssh-askpass-gnome-5.8p1-2.1.mga1

from openssh-5.8p1-2.1.mga1.src.rpm

Tested the package on x86_64. I do not have GSSAPI enabled so cannot test vuln, but regular operation is unaffected as expected.

Testing complete on Mageia 1 i586. As gssapi is not normally enabled, just looking for regressions.

Could someone from the sysadmin team push the srpm openssh-5.8p1-2.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory:
Updated openssh packages fix security vulnerability:

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field (CVE-2011-5000).

Note: only systems on which GSSAPI authentication has been enabled are vulnerable to this flaw, as it is disabled by default in Mageia.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000
https://rhn.redhat.com/errata/RHSA-2012-0884.html
https://bugs.mageia.org/show_bug.cgi?id=6524

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0145

Status: NEW => RESOLVED
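
The advisory above says only systems with GSSAPI authentication enabled are exposed to CVE-2011-5000. The following is an added example, not part of the original bug report or of OpenSSH, showing one way to check an sshd_config for that condition. The helper name `gssapi_state` and the sample configuration are constructed for illustration, and it assumes the upstream default of `no` when the keyword is absent.

```shell
#!/bin/sh
# Added example (not from the bug report): classify GSSAPIAuthentication in an
# sshd_config read from "$1" or stdin. gssapi_state is a hypothetical helper name.
# Include directives (newer OpenSSH releases) are not followed.
gssapi_state() {
    awk '
    {
        sub(/^[ \t]+/, "")                    # strip leading whitespace
        if ($0 == "" || $0 ~ /^#/) next       # skip blank lines and comments
        split($0, f, /[ \t=]+/)               # accepts "Key value" and "Key=value"
        key = tolower(f[1])                   # keywords are case-insensitive
        val = tolower(f[2]); gsub(/"/, "", val)
        if (key == "match") { in_match = 1; next }
        if (key != "gssapiauthentication") next
        if (in_match) { if (val == "yes") match_yes = 1 }
        else if (!seen) { seen = 1; global = val }   # first global value wins
    }
    END {
        if (!seen) global = "no"              # assumption: upstream default is "no"
        if (global == "yes") print "enabled"
        else if (match_yes) print "enabled-in-match"
        else print "disabled"
    }' "${1:--}"
}

# Constructed sample configuration, not taken from a real host.
sample='# sshd_config (constructed)
Port 22
gssapiauthentication no
GSSAPIAuthentication yes
Match User backup
    GSSAPIAuthentication=yes'

printf '%s\n' "$sample" | gssapi_state
```

A result of `enabled` or `enabled-in-match` means the host is in the population the advisory describes and should take the updated packages first.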