[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 594-1] openssh security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : openssh
Version        : 6.0p1-4+deb7u6
CVE ID         : CVE-2016-6515
Debian Bug     : 833823

OpenSSH secure shell client and server had a denial of service
vulnerability reported.

CVE-2016-6515
  The password authentication function in sshd in OpenSSH before 7.3
  does not limit password lengths for password authentication, which
  allows remote attackers to cause a denial of service
  (crypt CPU consumption) via a long string.

For Debian 7 "Wheezy", this problems has been fixed in version
6.0p1-4+deb7u6.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26  0A6A 5E90 DCFA 9426 876F /
 ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJXrkXHAAoJEF6Q3PqUJodvD6AP/0DQVyBM+hH6I8C+6V8CIscZ
b7GFhxdPGAXfZqeilXQ8GJlLj5+Aiehl+22xpwUKgC1xB2weFM4F/2nxvEI1thl5
4mK8hnYLIUbBGKgmayyGKH5lvwiuZS7e20jhwc6Stpk3aki4VR4O8oTNfhUPPP4I
hGKgTu4w6sh1XglpJ3PkgYbntJkmjUJyVGRRqeDGQrU6KMAww+tV25I4lL02taih
rJBSCSylL8fDUw5XhDbfgC04Gv+25X36Atg7pXGKY3nCCAHjblxkF/x80JPuAXR5
ND34od0L5UoWjblo01HoGceROtEnV4b8zVe0CZ+S+zn0Wmxucl/QnNVlyioVnIVf
/kpLa0k3FmuPu35isUKiWALyTtLkBcNICjeVUHQdVkrWHzesu4IC3Qa3FK5nCWLJ
P1zOqM7UzGfkH5vnav5G0UoM5ZWvgQlc1LB98Kul13+HNmzJ6bk5K2w+ftxat8yD
4o1chRDKW0FDRwsjGxD+nZhDwe0zzpnq5Zoh0XDY0YIOzzvesAkukQeJp+uGmTgO
bH92G7uN8tB6/4WmzsgeRcNKw3/fiyKZdLVK+NNU3YVe7n7+om6Wa/E3SGso95Qi
Iub6leVjWNLdkPP7jl4hoi3Y8+c7V7d/VRE1+d71aXmM03xCD2V3S47PFfOsvfre
0N9GMDgYKjvxDK+m92pT
=sbg3
-----END PGP SIGNATURE-----


Reply to: