Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-1591)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.123517

Category: Oracle Linux Local Security Checks

Title: Oracle: Security Advisory (ELSA-2013-1591)

Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2013-1591 advisory.

Description: Summary:
The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2013-1591 advisory.

Vulnerability Insight:
[5.3p1-94]
- use dracut-fips package to determine if a FIPS module is installed (#1001565)

[5.3p1-93]
- use dist tag in suffixes for hmac checksum files (#1001565)

[5.3p1-92]
- use hmac_suffix for ssh{,d} hmac checksums (#1001565)

[5.3p1-91]
- fix NSS keys support (#1004763)

[5.3p1-90]
- change default value of MaxStartups - CVE-2010-5107 - #908707
- add -fips subpackages that contains the FIPS module files (#1001565)

[5.3p1-89]
- don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835)

[5.3p1-88]
- do ssh_gssapi_krb5_storecreds() twice - before and after pam session (#974096)

[5.3p1-87]
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577)
- fixed an issue with broken 'ssh -I pkcs11' (#908038)
- abort non-subsystem sessions to forced internal sftp-server (#993509)
- reverted 'store krb5 credentials after a pam session is created (#974096)'

[5.3p1-86]
- Add support for certificate key types for users and hosts (#906872)
- Apply RFC3454 stringprep to banners when possible (#955792)

[5.3p1-85]
- fix chroot logging issue (#872169)
- change the bad key permissions error message (#880575)
- fix a race condition in ssh-agent (#896561)
- backport support for PKCS11 from openssh-5.4p1 (#908038)
- add a KexAlgorithms knob to the client and server configuration (#951704)
- fix parsing logic of ldap.conf file (#954094)
- Add HMAC-SHA2 algorithm support (#969565)
- store krb5 credentials after a pam session is created (#974096)

Affected Software/OS:
'openssh' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-5107
BugTraq ID: 58162
http://www.securityfocus.com/bid/58162
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.openwall.com/lists/oss-security/2013/02/07/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595
RedHat Security Advisories: RHSA-2013:1591
http://rhn.redhat.com/errata/RHSA-2013-1591.html

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.123517
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2013-1591)
Summary:	The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2013-1591 advisory.
Description:	Summary: The remote host is missing an update for the 'openssh' package(s) announced via the ELSA-2013-1591 advisory. Vulnerability Insight: [5.3p1-94] - use dracut-fips package to determine if a FIPS module is installed (#1001565) [5.3p1-93] - use dist tag in suffixes for hmac checksum files (#1001565) [5.3p1-92] - use hmac_suffix for ssh{,d} hmac checksums (#1001565) [5.3p1-91] - fix NSS keys support (#1004763) [5.3p1-90] - change default value of MaxStartups - CVE-2010-5107 - #908707 - add -fips subpackages that contains the FIPS module files (#1001565) [5.3p1-89] - don't use SSH_FP_MD5 for fingerprints in FIPS mode (#998835) [5.3p1-88] - do ssh_gssapi_krb5_storecreds() twice - before and after pam session (#974096) [5.3p1-87] - bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A (#993577) - fixed an issue with broken 'ssh -I pkcs11' (#908038) - abort non-subsystem sessions to forced internal sftp-server (#993509) - reverted 'store krb5 credentials after a pam session is created (#974096)' [5.3p1-86] - Add support for certificate key types for users and hosts (#906872) - Apply RFC3454 stringprep to banners when possible (#955792) [5.3p1-85] - fix chroot logging issue (#872169) - change the bad key permissions error message (#880575) - fix a race condition in ssh-agent (#896561) - backport support for PKCS11 from openssh-5.4p1 (#908038) - add a KexAlgorithms knob to the client and server configuration (#951704) - fix parsing logic of ldap.conf file (#954094) - Add HMAC-SHA2 algorithm support (#969565) - store krb5 credentials after a pam session is created (#974096) Affected Software/OS: 'openssh' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-5107 BugTraq ID: 58162 http://www.securityfocus.com/bid/58162 HPdes Security Advisory: HPSBMU03409 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://www.openwall.com/lists/oss-security/2013/02/07/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595 RedHat Security Advisories: RHSA-2013:1591 http://rhn.redhat.com/errata/RHSA-2013-1591.html
Copyright	Copyright (C) 2015 Greenbone AG