Updated openssh package fixes security vulnerability
Publication date: 28 Jul 2015Modification date: 28 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5600
Description
The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600).
References
SRPMS
5/core
- openssh-6.6p1-5.3.mga5
4/core
- openssh-6.2p2-3.4.mga4