Summary: | <net-misc/openssh-7.3_p1-r6: Remote pre-auth crash | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | base-system, robbat2 |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A3 [glsa cleanup] | | |
Package list: | | Runtime testing required: | --- |
Description
Hanno Böck
2016-09-28 07:59:37 UTC
commit c938f8ceb36e6791d096ae9df9819f6b3be5315c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Wed Sep 28 10:27:46 2016

    net-misc/openssh: Sec-revbump to fix remote pre-auth crash (bug #595342).

    Package-Manager: portage-2.3.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Ready to stabilize?

Arches please test and mark stable =net-misc/openssh-7.3_p1-r6 with target KEYWORDS:
alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux

amd64 stable

x86 stable

Stable for PPC64.

oops, wrong bug

(In reply to Hanno Boeck from comment #0)
> Details are scarce. Although it's "just" a crash / NULL deref it could lock
> an admin out of a server if the sshd service isn't automatically restarted.

Unless I misunderstand, this looks like an issue during the key exchange between the ssh client and the ssh server, which takes place with a child of the master sshd process? So you're basically DoS'ing your own session? How would this impact the parent sshd process and prevent it from spawning other children to handle other attempted connections to the server?

Stable for HPPA.

Stable for PPC64.

Stable on alpha.

sparc stable

ppc stable

arm stable

ia64 stable.

Maintainer(s), please cleanup.

This issue was resolved and addressed in GLSA 201612-18 at https://security.gentoo.org/glsa/201612-18 by GLSA coordinator Aaron Bauman (b-man).