Medium: openssh

Issue Overview:

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon (sshd) use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default (“GSSAPIAuthentication yes” in “/etc/ssh/sshd_config”). (CVE-2011-5000)

Affected Packages:

openssh

Issue Correction:
Run yum update openssh to update your system.

New Packages:

i686:  
    openssh-ldap-5.3p1-81.17.amzn1.i686  
    openssh-debuginfo-5.3p1-81.17.amzn1.i686  
    openssh-5.3p1-81.17.amzn1.i686  
    openssh-server-5.3p1-81.17.amzn1.i686  
    openssh-clients-5.3p1-81.17.amzn1.i686  
    pam_ssh_agent_auth-0.9-81.17.amzn1.i686  
  
src:  
    openssh-5.3p1-81.17.amzn1.src  
  
x86_64:  
    openssh-server-5.3p1-81.17.amzn1.x86_64  
    openssh-5.3p1-81.17.amzn1.x86_64  
    openssh-debuginfo-5.3p1-81.17.amzn1.x86_64  
    openssh-clients-5.3p1-81.17.amzn1.x86_64  
    openssh-ldap-5.3p1-81.17.amzn1.x86_64  
    pam_ssh_agent_auth-0.9-81.17.amzn1.x86_64  

Additional References

Red Hat: CVE-2011-5000

Mitre: CVE-2011-5000