ROSA Linux Bugzilla – Bug 1669
OpenSSH 5.8 has a security vulnerability.
Last modified: 2013-02-25 12:26:13 MSK
Mageia discovered a CVE that can affect all versions of OpenSSH, including 5.9.
A denial of service flaw was found in the way the default server configuration
of OpenSSH, an open source implementation of SSH protocol versions 1 and 2,
performed management of its connection slot. A remote attacker could use
this flaw to cause connection slot exhaustion on the server (CVE-2010-5107).
Thx, I applied the patch - https://abf.rosalinux.ru/import/openssh/blob/rosa2012lts/openssh-5.8p2.CVE-2010-5107.patch
and sent the package to QA check.
This was fixed and published, openssh-5.8p2-4-rosa.lts2012.0.rpm
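
As an added example (not part of this bug report or of the ROSA patch), the following Python check audits the connection-slot handling described in the report. It assumes the relevant sshd_config keyword is MaxStartups and that a server without an explicit setting and without the fix uses a fixed limit of 10; both assumptions come from upstream OpenSSH documentation rather than this page, and all function names are hypothetical.

```python
import re

# Assumption (upstream OpenSSH docs, not this page): with no MaxStartups line,
# an unpatched sshd uses a fixed limit of 10 unauthenticated connections.
ASSUMED_UNPATCHED_DEFAULT = "10"

def effective_max_startups(config_text):
    """Return the MaxStartups value sshd would use: first occurrence wins."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        if fields[0].lower() == "match":      # global section ends here
            break
        if fields[0].lower() == "maxstartups" and len(fields) == 2:
            return fields[1].strip()
    return ASSUMED_UNPATCHED_DEFAULT

def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' into (start, rate, full)."""
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        return parts[0], 100, parts[0]        # hard limit: refuse everything at N
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    start, rate, full = parts
    if start > full or not 1 <= rate <= 100:
        raise ValueError("invalid MaxStartups %r" % value)
    return start, rate, full

def drop_percent(unauth, start, rate, full):
    """Chance (in %) that a new connection is refused with `unauth` pending."""
    if unauth < start:
        return 0
    if unauth >= full or rate == 100:
        return 100
    return rate + (100 - rate) * (unauth - start) // (full - start)

def audit(config_text):
    """Summarise how the global MaxStartups setting treats pending connections."""
    value = effective_max_startups(config_text)
    start, rate, full = parse_max_startups(value)
    return {"value": value,
            "hard_limit": start == full or rate == 100,
            "refused_at_start": drop_percent(start, start, rate, full)}

# Constructed sample configurations, not taken from any real host.
UNPATCHED = "# constructed sample\nPort 22\nPermitRootLogin no\n"
TUNED = "# constructed sample\nPort 22\nMaxStartups 10:30:100\n"
```

A result with `hard_limit` set to `True` means that every new connection is refused once the limit of pending unauthenticated connections is reached, which is the slot exhaustion the report describes.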