Updated openssh packages fix security vulnerabilityPublication date: 31 Aug 2016
Affected Mageia releases : 5
CVE: CVE-2015-8325 , CVE-2016-6210 , CVE-2016-6515
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable (CVE-2015-8325). When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hard-coded in the SSHD source code. An attacker can measure timing information to determine if a user exists when verifying a password (CVE-2016-6210). The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string (CVE-2016-6515). Note that CVE-2015-8325 and CVE-2016-6210 wouldn't affect most Mageia systems, as UseLogin is not enabled by default and Mageia uses Blowfish password hashes by default.