There is a memory exhaustion bug in the key exchange process of OpenSSH.

* CVE assignment: http://seclists.org/oss-sec/2016/q4/191
* Relevant upstream log: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c

Correct typo'd assignee...
Author: bdrewery
Date: Mon Oct 24 22:52:17 2016
New Revision: 424592
URL: https://svnweb.freebsd.org/changeset/ports/424592

Log:
Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:

Unregister the KEXINIT handler after message has been received.
Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed.
Reported by shilei-c at 360.cn

Security: CVE-2016-8858

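
The effect of the change described in the commit log above, as an added example (not code from OpenSSH or the FreeBSD port): a minimal model of a per-message-type dispatch table in which the KEXINIT handler either stays registered or is unregistered after the first message. The struct, the function names and the 64-byte payload are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MSG_KEXINIT 20            /* SSH_MSG_KEXINIT, RFC 4253 */
struct session;
typedef int (*handler_fn)(struct session *, const unsigned char *, size_t);
struct session {
    handler_fn dispatch[256];     /* one handler slot per message type */
    unsigned char *peer_kexinit;  /* saved copy of the peer's proposal */
    size_t bytes_allocated;       /* total allocated on the peer's behalf */
    int unregister_after_use;     /* 1 = behaviour the commit describes */
};

/* Hypothetical stand-in for a KEXINIT handler: keeps a copy of the payload. */
static int on_kexinit(struct session *s, const unsigned char *p, size_t n)
{
    if (s->unregister_after_use) s->dispatch[MSG_KEXINIT] = NULL;
    unsigned char *copy = malloc(n);
    if (copy == NULL) return -1;
    memcpy(copy, p, n);
    free(s->peer_kexinit);        /* the model itself does not leak */
    s->peer_kexinit = copy;
    s->bytes_allocated += n;
    return 0;
}

/* Replays `count` KEXINITs; returns how many were accepted before rejection. */
static size_t replay_kexinit(int unregister_after_use, size_t count, size_t *bytes)
{
    static const unsigned char payload[64];   /* constructed sample payload */
    struct session s = { .unregister_after_use = unregister_after_use };
    size_t accepted = 0;
    s.dispatch[MSG_KEXINIT] = on_kexinit;
    for (size_t i = 0; i < count; i++) {
        handler_fn h = s.dispatch[MSG_KEXINIT];
        if (h == NULL || h(&s, payload, sizeof payload) != 0) break;
        accepted++;               /* no handler means: treat as protocol error */
    }
    *bytes = s.bytes_allocated;
    free(s.peer_kexinit);
    return accepted;
}

int main(void)
{
    size_t b, kept = replay_kexinit(0, 1000, &b), fixed = replay_kexinit(1, 1000, &b);
    printf("handler kept: %zu accepted; handler unregistered: %zu accepted\n", kept, fixed);
    return 0;
}
```
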
Pending security/vuxml & mfh

A commit references this bug:

Author: feld
Date: Sat Oct 29 15:19:27 UTC 2016
New revision: 424916
URL: https://svnweb.freebsd.org/changeset/ports/424916

Log:
Document openssh DoS

PR: 213640
Security: CVE-2016-8858

Changes:
head/security/vuxml/vuln.xml