[SECURITY] [DLA 594-1] openssh security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : openssh
Version : 6.0p1-4+deb7u6
CVE ID : CVE-2016-6515
Debian Bug : 833823
OpenSSH secure shell client and server had a denial of service
vulnerability reported.
CVE-2016-6515
The password authentication function in sshd in OpenSSH before 7.3
does not limit password lengths for password authentication, which
allows remote attackers to cause a denial of service
(crypt CPU consumption) via a long string.
For Debian 7 "Wheezy", this problems has been fixed in version
6.0p1-4+deb7u6.
We recommend that you upgrade your openssh packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola@inguza.com Folkebogatan 26 \
| opal@debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /
---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJXrkXHAAoJEF6Q3PqUJodvD6AP/0DQVyBM+hH6I8C+6V8CIscZ
b7GFhxdPGAXfZqeilXQ8GJlLj5+Aiehl+22xpwUKgC1xB2weFM4F/2nxvEI1thl5
4mK8hnYLIUbBGKgmayyGKH5lvwiuZS7e20jhwc6Stpk3aki4VR4O8oTNfhUPPP4I
hGKgTu4w6sh1XglpJ3PkgYbntJkmjUJyVGRRqeDGQrU6KMAww+tV25I4lL02taih
rJBSCSylL8fDUw5XhDbfgC04Gv+25X36Atg7pXGKY3nCCAHjblxkF/x80JPuAXR5
ND34od0L5UoWjblo01HoGceROtEnV4b8zVe0CZ+S+zn0Wmxucl/QnNVlyioVnIVf
/kpLa0k3FmuPu35isUKiWALyTtLkBcNICjeVUHQdVkrWHzesu4IC3Qa3FK5nCWLJ
P1zOqM7UzGfkH5vnav5G0UoM5ZWvgQlc1LB98Kul13+HNmzJ6bk5K2w+ftxat8yD
4o1chRDKW0FDRwsjGxD+nZhDwe0zzpnq5Zoh0XDY0YIOzzvesAkukQeJp+uGmTgO
bH92G7uN8tB6/4WmzsgeRcNKw3/fiyKZdLVK+NNU3YVe7n7+om6Wa/E3SGso95Qi
Iub6leVjWNLdkPP7jl4hoi3Y8+c7V7d/VRE1+d71aXmM03xCD2V3S47PFfOsvfre
0N9GMDgYKjvxDK+m92pT
=sbg3
-----END PGP SIGNATURE-----
Reply to: