ALAS-2012-099


Amazon Linux AMI Security Advisory: ALAS-2012-99
Advisory Release Date: 2014-09-14 16:32 Pacific
Severity: Medium

Issue Overview:

A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH server daemon (sshd) use an excessive amount of memory, leading to a denial of service. GSSAPI authentication is enabled by default ("GSSAPIAuthentication yes" in "/etc/ssh/sshd_config"). (CVE-2011-5000)


Affected Packages:

openssh


Issue Correction:
Run yum update openssh to update your system.

New Packages:
i686:
    openssh-ldap-5.3p1-81.17.amzn1.i686
    openssh-debuginfo-5.3p1-81.17.amzn1.i686
    openssh-5.3p1-81.17.amzn1.i686
    openssh-server-5.3p1-81.17.amzn1.i686
    openssh-clients-5.3p1-81.17.amzn1.i686
    pam_ssh_agent_auth-0.9-81.17.amzn1.i686

src:
    openssh-5.3p1-81.17.amzn1.src

x86_64:
    openssh-server-5.3p1-81.17.amzn1.x86_64
    openssh-5.3p1-81.17.amzn1.x86_64
    openssh-debuginfo-5.3p1-81.17.amzn1.x86_64
    openssh-clients-5.3p1-81.17.amzn1.x86_64
    openssh-ldap-5.3p1-81.17.amzn1.x86_64
    pam_ssh_agent_auth-0.9-81.17.amzn1.x86_64
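
Added example (not part of the advisory): a shell helper to confirm a host carries the fixed openssh build listed above and to report the global GSSAPIAuthentication value in its sshd_config. The function names, the sample config and the pre-fix version string are constructed for illustration; the version comparison assumes GNU sort -V as an approximation of rpm's ordering.

```shell
#!/bin/sh
# Added example: audit helper for ALAS-2012-99 (not from the advisory).
FIXED_VR="5.3p1-81.17.amzn1"   # version-release listed under "New Packages"

# Print the global GSSAPIAuthentication value from an sshd_config file.
# Keywords are case-insensitive, "keyword=value" is accepted, the first
# occurrence wins, and everything after the first Match line is conditional,
# so parsing stops there. Prints "unset" if the keyword is not set globally.
gssapi_setting() {
    awk '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, ""); kw = tolower($1) }
        /^#/ || NF == 0 { next }
        kw == "match" { exit }
        kw == "gssapiauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 when the given version-release is at least FIXED_VR.
# Assumption: GNU sort -V orders these strings the same way rpm does.
is_patched() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# audit <version-release> <sshd_config path>
# Prints "patched gssapi=<value>" or "unpatched gssapi=<value>".
audit() {
    if is_patched "$1"; then state=patched; else state=unpatched; fi
    echo "$state gssapi=$(gssapi_setting "$2")"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Protocol 2
GSSAPIAuthentication yes
Match User backup
    GSSAPIAuthentication no
EOF
audit "5.3p1-70.12.amzn1" "$sample"   # constructed pre-fix version string
rm -f "$sample"
```

On a live host the first argument can come from `rpm -q --qf '%{VERSION}-%{RELEASE}' openssh-server` and the second is /etc/ssh/sshd_config.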