Bug 213640 - security/openssh-portable: Security vulnerability (CVE-2016-8858)
Summary: security/openssh-portable: Security vulnerability (CVE-2016-8858)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Mark Felder
URL: http://seclists.org/oss-sec/2016/q4/191
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-10-20 09:47 UTC by VK
Modified: 2016-10-29 15:20 UTC
CC List: 3 users

See Also:
koobs: maintainer-feedback? (bdrewery)
feld: merge-quarterly+


Attachments

Description VK freebsd_triage 2016-10-20 09:47:47 UTC
There is a memory exhaustion bug in the key exchange process of OpenSSH.

* CVE assignment:
  http://seclists.org/oss-sec/2016/q4/191

* Relevant upstream log:
  http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c
Comment 1 VK freebsd_triage 2016-10-20 11:35:26 UTC
Correct typo'd assignee...
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-25 12:58:14 UTC
Author: bdrewery
Date: Mon Oct 24 22:52:17 2016
New Revision: 424592
URL: https://svnweb.freebsd.org/changeset/ports/424592

Log:
  Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
    Unregister the KEXINIT handler after message has been
    received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
    allocation of up to 128MB -- until the connection is closed. Reported by
    shilei-c at 360.cn
  
  Security:	CVE-2016-8858
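To show the shape of the fix the commit log above describes, here is an added example that is not OpenSSH's code: a minimal packet dispatch table in which the pre-fix KEXINIT handler stays registered, so each repeated KEXINIT from an unauthenticated peer reserves more memory, while the post-fix handler unregisters itself once the message has been received, so a repeat is treated as a protocol error and the connection is closed. The message number 20 is the SSH2_MSG_KEXINIT value from RFC 4253 and the 128 MB bound is the figure quoted in the log; the per-message accounting, the cap behaviour and every function and struct name are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSH2_MSG_KEXINIT 20                  /* message number from RFC 4253 */
#define MSG_TYPE_MAX 256
#define RESERVE_CAP (128u * 1024u * 1024u)   /* 128 MB bound quoted in the commit log (modelled) */

struct conn;
typedef int (*handler_fn)(struct conn *, size_t);

struct conn {
    handler_fn dispatch[MSG_TYPE_MAX];  /* message type -> handler, a dispatch table */
    size_t bytes_reserved;              /* modelled memory held for this unauthenticated peer */
    int kexinit_count;                  /* how many KEXINIT messages were accepted */
    int closed;
};

/* Default handler: an unexpected message is a protocol error and closes the connection. */
static int protocol_error(struct conn *c, size_t len) {
    (void)len;
    c->closed = 1;
    return -1;
}

/* Shared KEXINIT processing: account for the peer's proposal, failing at the cap. */
static int kexinit_reserve(struct conn *c, size_t len) {
    if (c->bytes_reserved + len > RESERVE_CAP) {  /* modelled cap: the connection dies here */
        c->closed = 1;
        return -1;
    }
    c->bytes_reserved += len;
    c->kexinit_count++;
    return 0;
}

/* Pre-fix shape (constructed): the handler stays registered, so every
 * repeated KEXINIT reserves more memory until the cap is reached. */
static int kexinit_unfixed(struct conn *c, size_t len) {
    return kexinit_reserve(c, len);
}

/* Post-fix shape (constructed): the handler unregisters itself once the message
 * has been received, so a repeated KEXINIT reaches protocol_error instead. */
static int kexinit_fixed(struct conn *c, size_t len) {
    int r = kexinit_reserve(c, len);
    c->dispatch[SSH2_MSG_KEXINIT] = protocol_error;
    return r;
}

static void conn_init(struct conn *c, int fixed) {
    memset(c, 0, sizeof *c);
    for (int i = 0; i < MSG_TYPE_MAX; i++)
        c->dispatch[i] = protocol_error;
    c->dispatch[SSH2_MSG_KEXINIT] = fixed ? kexinit_fixed : kexinit_unfixed;
}

/* Deliver one packet of the given type and payload length to the dispatch table. */
static int conn_input(struct conn *c, unsigned char type, size_t len) {
    if (c->closed)
        return -1;
    return c->dispatch[type](c, len);
}

/* Feed `repeats` KEXINIT packets of `len` bytes each from a peer that never
 * authenticates and report the memory the server would still hold afterwards. */
size_t reserved_after_repeats(int fixed, int repeats, size_t len) {
    struct conn c;
    conn_init(&c, fixed);
    for (int i = 0; i < repeats; i++)
        conn_input(&c, SSH2_MSG_KEXINIT, len);
    return c.bytes_reserved;
}

/* Same drive, but report whether the server closed the connection. */
int closed_after_repeats(int fixed, int repeats, size_t len) {
    struct conn c;
    conn_init(&c, fixed);
    for (int i = 0; i < repeats; i++)
        conn_input(&c, SSH2_MSG_KEXINIT, len);
    return c.closed;
}

int main(void) {
    size_t len = 1024;  /* constructed KEXINIT payload size */
    printf("unfixed, 1000 repeats: %zu bytes held, closed=%d\n",
           reserved_after_repeats(0, 1000, len), closed_after_repeats(0, 1000, len));
    printf("fixed,   1000 repeats: %zu bytes held, closed=%d\n",
           reserved_after_repeats(1, 1000, len), closed_after_repeats(1, 1000, len));
    return 0;
}
```

The defensive point is the one-shot registration: a message that is only valid once per protocol phase should have its handler removed as soon as it is consumed, so that anything arriving before authentication cannot drive repeated allocation. In the unfixed model the peer holds memory in proportion to how many packets it sends until the cap ends the connection; in the fixed model the second packet ends the connection with a single reservation held.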
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-25 12:58:58 UTC
Pending security/vuxml & mfh
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-10-29 15:20:17 UTC
A commit references this bug:

Author: feld
Date: Sat Oct 29 15:19:27 UTC 2016
New revision: 424916
URL: https://svnweb.freebsd.org/changeset/ports/424916

Log:
  Document openssh DoS

  PR:		213640
  Security:	CVE-2016-8858

Changes:
  head/security/vuxml/vuln.xml