This bug was fixed in the package openssh - 1:7.2p2-4ubuntu2.1
---------------
openssh (1:7.2p2-4ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: user enumeration via covert timing channel
- debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
- debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
users PAM logins in auth-pam.c.
- debian/patches/CVE-2016-6210-3.patch: search users for one with a
valid salt in openbsd-compat/xcrypt.c.
- CVE-2016-6210
* SECURITY UPDATE: denial of service via long passwords
- debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
length in auth-passwd.c.
- CVE-2016-6515
-- Marc Deslauriers <[email protected]> Thu, 11 Aug 2016
08:38:27 -0400
** Changed in: openssh (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6210
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6515
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1584393
Title:
systemctl restart networking hangs reloading ssh.service
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1584393/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
