openssh security and bug fix update

2007-11-19T00:00:00
ID ELSA-2007-0540
Type oraclelinux
Reporter Oracle
Modified 2007-11-19T00:00:00

Description

[4.3p2-24] - fixed audit log injection problem (CVE-2007-3102) (#248059) [4.3p2-23] - document where the nss certificate and token dbs are looked for [4.3p2-22] - experimental support for PKCS#11 tokens through libnss3 (#183423) [4.3p2-21] - fix an information leak in Kerberos password authentication (CVE-2006-5052) (#234638) - correctly setup context when empty level requested (#234951) [4.3p2-20] - and always request default level as returned by getseuserbyname (#231695) [4.3p2-19] - check requested level context against a context with the same role (#231695) [4.3p2-18] - reject connection if requested mls range is not obtained (#229278) [4.3p2-17] - allow selecting non-default roles and audit role changes (#227733)