[SECURITY] [DLA 594-1] openssh security update

2016-08-1221:55:19

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.045 Low

EPSS

Percentile

92.4%

JSON

Package : openssh
Version : 6.0p1-4+deb7u6
CVE ID : CVE-2016-6515
Debian Bug : 833823

OpenSSH secure shell client and server had a denial of service
vulnerability reported.

CVE-2016-6515
The password authentication function in sshd in OpenSSH before 7.3
does not limit password lengths for password authentication, which
allows remote attackers to cause a denial of service
(crypt CPU consumption) via a long string.

For Debian 7 "Wheezy", this problems has been fixed in version
6.0p1-4+deb7u6.

We recommend that you upgrade your openssh packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

— Inguza Technology AB — MSc in Information Technology ----
/ [email protected] Folkebogatan 26
| [email protected] 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /

OSVersionArchitecturePackageVersionFilename
Debian8allopenssh< 1:6.7p1-5+deb8u6openssh_1:6.7p1-5+deb8u6_all.deb
Debian8i386openssh-client< 1:6.7p1-5+deb8u6openssh-client_1:6.7p1-5+deb8u6_i386.deb
Debian7armhfopenssh-server< 1:6.0p1-4+deb7u6openssh-server_1:6.0p1-4+deb7u6_armhf.deb
Debian8i386ssh-askpass-gnome< 1:6.7p1-5+deb8u6ssh-askpass-gnome_1:6.7p1-5+deb8u6_i386.deb
Debian8armelopenssh-client-udeb< 1:6.7p1-5+deb8u6openssh-client-udeb_1:6.7p1-5+deb8u6_armel.deb
Debian8i386openssh-sftp-server< 1:6.7p1-5+deb8u6openssh-sftp-server_1:6.7p1-5+deb8u6_i386.deb
Debian8allssh-krb5< 1:6.7p1-5+deb8u6ssh-krb5_1:6.7p1-5+deb8u6_all.deb
Debian7armelopenssh-server-udeb< 1:6.0p1-4+deb7u6openssh-server-udeb_1:6.0p1-4+deb7u6_armel.deb
Debian8amd64openssh-server-udeb< 1:6.7p1-5+deb8u6openssh-server-udeb_1:6.7p1-5+deb8u6_amd64.deb
Debian7armelopenssh-client< 1:6.0p1-4+deb7u6openssh-client_1:6.0p1-4+deb7u6_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	openssh	< 1:6.7p1-5+deb8u6	openssh_1:6.7p1-5+deb8u6_all.deb
Debian	8	i386	openssh-client	< 1:6.7p1-5+deb8u6	openssh-client_1:6.7p1-5+deb8u6_i386.deb
Debian	7	armhf	openssh-server	< 1:6.0p1-4+deb7u6	openssh-server_1:6.0p1-4+deb7u6_armhf.deb
Debian	8	i386	ssh-askpass-gnome	< 1:6.7p1-5+deb8u6	ssh-askpass-gnome_1:6.7p1-5+deb8u6_i386.deb
Debian	8	armel	openssh-client-udeb	< 1:6.7p1-5+deb8u6	openssh-client-udeb_1:6.7p1-5+deb8u6_armel.deb
Debian	8	i386	openssh-sftp-server	< 1:6.7p1-5+deb8u6	openssh-sftp-server_1:6.7p1-5+deb8u6_i386.deb
Debian	8	all	ssh-krb5	< 1:6.7p1-5+deb8u6	ssh-krb5_1:6.7p1-5+deb8u6_all.deb
Debian	7	armel	openssh-server-udeb	< 1:6.0p1-4+deb7u6	openssh-server-udeb_1:6.0p1-4+deb7u6_armel.deb
Debian	8	amd64	openssh-server-udeb	< 1:6.7p1-5+deb8u6	openssh-server-udeb_1:6.7p1-5+deb8u6_amd64.deb
Debian	7	armel	openssh-client	< 1:6.0p1-4+deb7u6	openssh-client_1:6.0p1-4+deb7u6_armel.deb