Package name
openssh
Date
2013-04-05
Advisory ID
MDVSA-2013:051
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been found and corrected in openssh:

The default configuration of OpenSSH through 6.1 enforces a fixed
time limit between establishing a TCP connection and completing a
login, which makes it easier for remote attackers to cause a denial
of service (connection-slot exhaustion) by periodically making many
new TCP connections (CVE-2010-5107).

The updated packages have been patched to correct thies issue.

Updated packages

MBS1 x86_64

 490cc20f62d9041848fecc0d113929c7  mbs1/x86_64/openssh-5.9p1-6.1.mbs1.x86_64.rpm
 15fda9cfa94392e3335045b77cabc454  mbs1/x86_64/openssh-askpass-5.9p1-6.1.mbs1.x86_64.rpm
 166e9356916ff90fea38e062a38f3c46  mbs1/x86_64/openssh-askpass-common-5.9p1-6.1.mbs1.x86_64.rpm
 3e89fdee6676cad1a367bcb08d2a0598  mbs1/x86_64/openssh-askpass-gnome-5.9p1-6.1.mbs1.x86_64.rpm
 da53e32963914ebd5ef2a711f9eb17b8  mbs1/x86_64/openssh-clients-5.9p1-6.1.mbs1.x86_64.rpm
 5fcf1ae9ec65ab8a6caef1ddae3995a2  mbs1/x86_64/openssh-server-5.9p1-6.1.mbs1.x86_64.rpm 
 02d438c1966e5e0d3dac8ff4410a13aa  mbs1/SRPMS/openssh-5.9p1-6.1.mbs1.src.rpm

References