Bug 1669

Summary: Openssh 5.8 has a security vulnerability.
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: alex.burmashev, denis.silakov
Version: Marathon
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package: openssh
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2013-02-15 21:03:27 MSK
Mageia discovered a CVE that can affect all versions of OpenSSH including 5.9.

A denial of service flaw was found in the way default server configuration
of OpenSSH, an open source implementation of SSH protocol versions 1 and 2,
performed management of its connection slot. A remote attacker could use
this flaw to cause connection slot exhaustion on the server (CVE-2010-5107).

Comment 1 Alexander Burmashev 2013-02-18 13:16:20 MSK
Thx, I applied the patch - https://abf.rosalinux.ru/import/openssh/blob/rosa2012lts/openssh-5.8p2.CVE-2010-5107.patch
and sent package to QA check.

Comment 2 Denis Silakov 2013-02-25 12:26:13 MSK
This was fixed and published, openssh-5.8p2-4-rosa.lts2012.0.rpm