news 28 Posted August 12, 2016 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : openssh Version : 6.0p1-4+deb7u6 CVE ID : CVE-2016-6515 Debian Bug : 833823 OpenSSH secure shell client and server had a denial of service vulnerability reported. CVE-2016-6515 The password authentication function in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string. For Debian 7 "Wheezy", this problems has been fixed in version 6.0p1-4+deb7u6. We recommend that you upgrade your openssh packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- --- Inguza Technology AB --- MSc in Information Technology ---- / ola ( -at -) inguza.com Folkebogatan 26 \ | opal ( -at -) debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F / --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJXrkXHAAoJEF6Q3PqUJodvD6AP/0DQVyBM+hH6I8C+6V8CIscZ b7GFhxdPGAXfZqeilXQ8GJlLj5+Aiehl+22xpwUKgC1xB2weFM4F/2nxvEI1thl5 4mK8hnYLIUbBGKgmayyGKH5lvwiuZS7e20jhwc6Stpk3aki4VR4O8oTNfhUPPP4I hGKgTu4w6sh1XglpJ3PkgYbntJkmjUJyVGRRqeDGQrU6KMAww+tV25I4lL02taih rJBSCSylL8fDUw5XhDbfgC04Gv+25X36Atg7pXGKY3nCCAHjblxkF/x80JPuAXR5 ND34od0L5UoWjblo01HoGceROtEnV4b8zVe0CZ+S+zn0Wmxucl/QnNVlyioVnIVf /kpLa0k3FmuPu35isUKiWALyTtLkBcNICjeVUHQdVkrWHzesu4IC3Qa3FK5nCWLJ P1zOqM7UzGfkH5vnav5G0UoM5ZWvgQlc1LB98Kul13+HNmzJ6bk5K2w+ftxat8yD 4o1chRDKW0FDRwsjGxD+nZhDwe0zzpnq5Zoh0XDY0YIOzzvesAkukQeJp+uGmTgO bH92G7uN8tB6/4WmzsgeRcNKw3/fiyKZdLVK+NNU3YVe7n7+om6Wa/E3SGso95Qi Iub6leVjWNLdkPP7jl4hoi3Y8+c7V7d/VRE1+d71aXmM03xCD2V3S47PFfOsvfre 0N9GMDgYKjvxDK+m92pT =sbg3 -----END PGP SIGNATURE----- Share this post Link to post
