oss-sec mailing list archives
CVE Request: dropbear sshd daemon 2013.59 release
From: Marcus Meissner <meissner () suse de>
Date: Thu, 10 Oct 2013 15:27:07 +0200
Hi folks, hi Matt,

https://matt.ucc.asn.au/dropbear/CHANGES seems to have two CVE-worthy entries.

Version 2013.59 - Friday 4 October 2013 has this changes entry:

- Limit the size of decompressed payloads, avoids memory exhaustion denial of service
  Thanks to Logan Lamb for reporting and investigating it

Source code fix for this seems to be:
https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f

It also has this changes entry which might need one:

- Avoid disclosing existence of valid users through inconsistent delays
  Thanks to Logan Lamb for reporting

https://secure.ucc.asn.au/hg/dropbear/rev/a625f9e135a4

Matt, if you are interested in requesting CVEs in the future for security-relevant fixes, feel free to contact us.

(Kurt, I looked for your howto, but my googlefu today is weak.)

Ciao, Marcus
Current thread:
- CVE Request: dropbear sshd daemon 2013.59 release Marcus Meissner (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Seth Arnold (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 10)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Kurt Seifried (Oct 15)
- Re: CVE Request: dropbear sshd daemon 2013.59 release Matt Johnston (Oct 11)