Mageia alert MGASA-2013-0052 (openssh) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0052: openssh-5.9p1-5.1.mga2 (2/core) 
Date:
    	       Thu, 14 Feb 2013 00:06:36 +0100
Message-ID:
    	       <20130213230636.GA18047@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0052
Date: 	February 14th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated openssh packages fix security vulnerability:

A denial of service flaw was found in the way default server configuration
of OpenSSH, a open source implementation of SSH protocol versions 1 and 2,
performed management of its connection slot. A remote attacker could use
this flaw to cause connection slot exhaustion on the server
(CVE-2010-5107).


Updated Packages:
i586:
openssh-5.9p1-5.1.mga2.i586.rpm
openssh-askpass-5.9p1-5.1.mga2.i586.rpm
openssh-askpass-common-5.9p1-5.1.mga2.i586.rpm
openssh-askpass-gnome-5.9p1-5.1.mga2.i586.rpm
openssh-clients-5.9p1-5.1.mga2.i586.rpm
openssh-server-5.9p1-5.1.mga2.i586.rpm
openssh-debug-5.9p1-5.1.mga2.i586.rpm

x86_64:
openssh-5.9p1-5.1.mga2.x86_64.rpm
openssh-askpass-5.9p1-5.1.mga2.x86_64.rpm
openssh-askpass-common-5.9p1-5.1.mga2.x86_64.rpm
openssh-askpass-gnome-5.9p1-5.1.mga2.x86_64.rpm
openssh-clients-5.9p1-5.1.mga2.x86_64.rpm
openssh-server-5.9p1-5.1.mga2.x86_64.rpm
openssh-debug-5.9p1-5.1.mga2.x86_64.rpm

SRPMS:
openssh-5.9p1-5.1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=9069
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)