Bug 1669 - Openssh 5.8 has a security vulnerability.
: Openssh 5.8 has a security vulnerability.
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-15 21:03 MSK by Zombie Ryushu
Modified: 2013-02-25 12:26 MSK (History)
2 users (show)

See Also:
RPM Package: openssh
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2013-02-15 21:03:27 MSK
Mageia discovered a CVE that can affect all versions of OpenSSH including 5.9

A denial of service flaw was found in the way default server configuration
of OpenSSH, a open source implementation of SSH protocol versions 1 and 2,
performed management of its connection slot. A remote attacker could use
this flaw to cause connection slot exhaustion on the server (CVE-2010-5107).
Comment 1 Alexander Burmashev 2013-02-18 13:16:20 MSK
Thx, i applied the patch - https://abf.rosalinux.ru/import/openssh/blob/rosa2012lts/openssh-5.8p2.CVE-2010-5107.patch
and sent package to QA check.
Comment 2 Denis Silakov 2013-02-25 12:26:13 MSK
This was fixed and published, openssh-5.8p2-4-rosa.lts2012.0.rpm