Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 10 Oct 2013 15:27:07 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: matt@....asn.au
Subject: CVE Request: dropbear sshd daemon 2013.59 release

Hi folks, hi Matt,

https://matt.ucc.asn.au/dropbear/CHANGES seems to have two CVE worth entries.

Version 2013.59 - Friday 4 October 2013

has this changes entry:
- Limit the size of decompressed payloads, avoids memory exhaustion denial
  of service 
  Thanks to Logan Lamb for reporting and investigating it

  Source code fix for this is seems to be:
  https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f


It also has this changes entry which might need one:
- Avoid disclosing existence of valid users through inconsistent delays
  Thanks to Logan Lamb for reporting

  https://secure.ucc.asn.au/hg/dropbear/rev/a625f9e135a4

Matt, if you are interested in requesting CVEs in the future
for security relevant fixes, feel free to contact us.
(Kurt, I looked for your howto, but my googlefu today is weak.)

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.