Bug#841884: openssh: CVE-2016-8858: Memory exhaustion due to unregistered KEXINIT handler after receiving message

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#841884: openssh: CVE-2016-8858: Memory exhaustion due to unregistered KEXINIT handler after receiving message
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 24 Oct 2016 08:45:53 +0200
Message-id: <[🔎] 147729155386.8556.17347593812520811436.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 841884@bugs.debian.org

Source: openssh
Version: 1:6.7p1-5
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for openssh.

CVE-2016-8858[0]:
|Memory exhaustion due to unregistered KEXINIT handler after receiving
|message

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8858
[1] http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1384860

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#841884: marked as done (openssh: CVE-2016-8858: Memory exhaustion due to unregistered KEXINIT handler after receiving message)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#841782: openssh-client: SSH disconnects after 10 seconds (or less)
Next by Date: Processing of openssh_7.3p1-2_source.changes
Previous by thread: Bug#841782: openssh-client: SSH disconnects after 10 seconds (or less)
Next by thread: Bug#841884: marked as done (openssh: CVE-2016-8858: Memory exhaustion due to unregistered KEXINIT handler after receiving message)
Index(es):
- Date
- Thread