SVNews r322341

NOTE: This service is experimental and subject to change! Use at your own risk!

2017-08-10 06:36:37 - r322341 by delphij (Xin LI)

Complete list of files affected by revision r322341:

(Note: At the moment, these links point to ViewVC on svn.freebsd.org. They are probably slow. Do not overuse.)

  History   Contents   Diff   MODIFY   /stable/10/crypto/openssh/auth-passwd.c  
  History   Contents   Diff   MODIFY   /stable/11/crypto/openssh/auth-passwd.c  

Commit message:

Apply upstream fix:

Skip passwords longer than 1k in length so clients can't
easily DoS sshd by sending very long passwords, causing it to spend CPU
hashing them. feedback djm@, ok markus@.

Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
360.cn and coredump at autistici.org

Security: CVE-2016-6515
Security: FreeBSD-SA-17:06.openssh

 


Powered by Python FreeBSD support by secnetix GmbH & Co. KG

Page generated in 28 ms, 2 files printed. Current time is 2017-08-17 11:33:38. All times are in UTC/GMT.