Bug 213640

Summary:	security/openssh-portable: Security vulnerability (CVE-2016-8858)
Product:	Ports & Packages	Reporter:	VK <vlad-fbsd>
Component:	Individual Port(s)	Assignee:	Mark Felder <feld>
Status:	Closed FIXED
Severity:	Affects Many People	CC:	bdrewery, feld, ports-secteam
Priority:	---	Keywords:	security
Version:	Latest	Flags:	koobs: maintainer-feedback? (bdrewery) feld: merge-quarterly+
Hardware:	Any
OS:	Any
URL:	http://seclists.org/oss-sec/2016/q4/191

Description VK 2016-10-20 09:47:47 UTC

There is a memory exhaustion bug in key exchange process of OpenSSH.

* CVE assignment:
  http://seclists.org/oss-sec/2016/q4/191

* Relevant upstream log:
  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c

Comment 1 VK 2016-10-20 11:35:26 UTC

Correct typo'd assignee...

Comment 2 Kubilay Kocak freebsd_committer

2016-10-25 12:58:14 UTC

Author: bdrewery
Date: Mon Oct 24 22:52:17 2016
New Revision: 424592
URL: https://svnweb.freebsd.org/changeset/ports/424592

Log:
  Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
    Unregister the KEXINIT handler after message has been
    received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
    allocation of up to 128MB -- until the connection is closed. Reported by
    shilei-c at 360.cn
  
  Security:	CVE-2016-8858

Comment 3 Kubilay Kocak freebsd_committer

2016-10-25 12:58:58 UTC

Pending security/vuxml & mfh

Comment 4 commit-hook freebsd_committer

2016-10-29 15:20:17 UTC

A commit references this bug:

Author: feld
Date: Sat Oct 29 15:19:27 UTC 2016
New revision: 424916
URL: https://svnweb.freebsd.org/changeset/ports/424916

Log:
  Document openssh DoS

  PR:		213640
  Security:	CVE-2016-8858

Changes:
  head/security/vuxml/vuln.xml