Red Hat

There was a security analysis run on one server which has RHEL 5.8 installed and it is showing security vulnerabilities with respect to ssh in OpenSSH with reference no CVE-2007-4752. The vulnerability solution in the security report is showing solution as below:

1) Download and apply the upgrade from:

ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH

I went to this site but it is showing lots of files on this site and it is not clear which patch/file to execute.

I hope my query is clear as to how to take care of this vulnerability with ssh in OpenSSH in an RHEL installation.

Please revert with the reply to my query.

Regards

This bug is fixed in RHEL since 2008 (https://rhn.redhat.com/errata/RHSA-2008-0855.html). I guess, this system was not updated much.

If the system is registered with RHN, then just update ssh (which might pull in a whole bunch of other updates).

The site you are referring to contains source patches. They are only useful, if you compile ssh from scratch.

If you are registered with RH and have yum available & configured for getting updates, then it might be prudent to update all your RPMs to current levels. You would be advised to apply the updates to a test server that is based on production first to see if there are any functional issues with the changes.

Code:

yum update all

It will take a while and will probably need a boot to complete.

Don't do this during on-line services or batch/backup windows.




Robin
Liverpool/Blackburn
UK

Hi,

I had a query that would applying the updates cause any issues with running services, I do not think they should at all interfere with the services.

As a example, say if there is a webpage hosted and httpd daemon is running, now if the httpd package is updated then should there be any issues with the webpage which is hosted and accessed at present.

I hope my query is clear.

Request you to please revert.