openssh: Secure Shell Client and Server (Remote Login Program)
----------------------------------------------------------------------
File:      openssh-4.4p1-26.x86_64.rpm
Patchrpm:  openssh-4.4p1-26.x86_64.patch.rpm
Version:   4.4p1-26
Size:      772 kB
Patchsize: 596 kB
Date:      Thu 18 Oct 2007 3:44:39 CEST
Source:    openssh-4.4p1-26.src.rpm
Security:  Yes
----------------------------------------------------------------------
Description:

This update fixes a bug in ssh's cookie handling code. ssh does not
properly handle the situation when an untrusted cookie cannot be
created, and uses a trusted X11 cookie instead. This allows attackers
to violate the intended policy and gain privileges by causing an X
client to be treated as trusted. (CVE-2007-4752)

Additionally, this update fixes a bug introduced with the last security
update for openssh. When the SSH daemon wrote to stderr (for instance,
to warn about the presence of a deprecated option like
PAMAuthenticationViaKbdInt in its configuration file), SIGALRM was
blocked for SSH sessions. This resulted in problems with processes
that rely on SIGALRM, such as ntpdate.