Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 590210 - <net-misc/openssh-7.3_p1: multiple vulnerabilities (CVE-2016-6210, CVE-2015-8325)
Summary: <net-misc/openssh-7.3_p1: multiple vulnerabilities (CVE-2016-6210, CVE-2015-8...
Status: RESOLVED DUPLICATE of bug 590202
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openssh.com/txt/release-7.3
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-01 13:32 UTC by Hanno Böck
Modified: 2016-08-02 09:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-08-01 13:32:18 UTC
OpenSSH 7.3 fixes a couple of vulnerabilities, from changelog:

 * sshd(8): Mitigate a potential denial-of-service attack against
   the system's crypt(3) function via sshd(8). An attacker could
   send very long passwords that would cause excessive CPU use in
   crypt(3). sshd(8) now refuses to accept password authentication
   requests of length greater than 1024 characters. Independently
   reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.

 * sshd(8): Mitigate timing differences in password authentication
   that could be used to discern valid from invalid account names
   when long passwords were sent and particular password hashing
   algorithms are in use on the server. CVE-2016-6210, reported by
   EddieEzra.Harari at verint.com

 * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
   oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
   Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
   are disabled by default and only included for legacy compatibility.

 * ssh(1), sshd(8): Improve operation ordering of MAC verification for
   Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
   MAC before decrypting any ciphertext. This removes the possibility
   of timing differences leaking facts about the plaintext, though no
   such leakage has been observed.  Reported by Jean Paul Degabriele,
   Kenny Paterson, Torben Hansen and Martin Albrecht.
    
 * sshd(8): (portable only) Ignore PAM environment vars when
   UseLogin=yes. If PAM is configured to read user-specified
   environment variables and UseLogin=yes in sshd_config, then a
   hostile local user may attack /bin/login via LD_PRELOAD or
   similar environment variables set via PAM. CVE-2015-8325,
   found by Shayan Sadigh.

http://www.openssh.com/txt/release-7.3
Comment 1 SpanKY gentoo-dev 2016-08-02 09:12:37 UTC

*** This bug has been marked as a duplicate of bug 590202 ***