This tweet indicates that there is a remotely triggerable crash in openssh: https://twitter.com/robertswiecki/status/780436362105393153 Here's the supposed fix: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 Details are scarce. Although it's "just" a crash / NULL deref it could lock an admin out of a server if the sshd service isn't automatically restarted.
commit c938f8ceb36e6791d096ae9df9819f6b3be5315c Author: Lars Wendler <polynomial-c@gentoo.org> Date: Wed Sep 28 10:27:46 2016 net-misc/openssh: Sec-revbump to fix remote pre-auth crash (bug #595342). Package-Manager: portage-2.3.1 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Ready to stabilize?
Arches please test and mark stable =net-misc/openssh-7.3_p1-r6 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
amd64 stable
x86 stable
Stable for PPC64.
oops, wrong bug
(In reply to Hanno Boeck from comment #0) > > Details are scarce. Although it's "just" a crash / NULL deref it could lock > an admin out of a server if the sshd service isn't automatically restarted. Unless I misunderstand, this looks like a an issue during the key exchange between the ssh client and the ssh server, which takes place with a child of the master sshd process? So you're basically DoS'ing your own session? How would this impact the parent sshd process and prevent it from spawning other children to handle other attempted connections to the server?
Stable for HPPA.
Stable on alpha.
sparc stable
ppc stable
arm stable
ia64 stable. Maintainer(s), please cleanup.
This issue was resolved and addressed in GLSA 201612-18 at https://security.gentoo.org/glsa/201612-18 by GLSA coordinator Aaron Bauman (b-man).
