Advisories » MGASA-2015-0295

Updated openssh package fixes security vulnerability

Publication date: 28 Jul 2015
Modification date: 28 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5600

Description

The OpenSSH server, when keyboard-interactive challenge response
authentication is enabled and PAM is being used (the default configuration
in Mageia), can be tricked into allowing more password attempts than the
MaxAuthTries setting would normally allow in one connection, which can aid
an attacker in brute-force password guessing (CVE-2015-5600).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16456
• http://openwall.com/lists/oss-security/2015/07/23/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600

SRPMS

4/core

• openssh-6.2p2-3.4.mga4

5/core

• openssh-6.6p1-5.3.mga5