Ubuntu Security Notification for Openssh Vulnerabilities (USN-3061-1)——漏洞银行丨0DAY BANK

It was discovered that OpenSSH incorrectly handled password hashing when authenticating non-existing users.

It was discovered that OpenSSH did not limit password lengths.

A remote attacker could perform a timing attack and enumerate valid users. (CVE-2016-6210)

A remote attacker could use this issue to cause OpenSSH to consume resources, leading to a denial of service. (CVE-2016-6515)

Refer to Ubuntu advisory USN-3061-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3061-1: 12.04 (Precise) on src (openssh-server)

USN-3061-1: 16.04 (Xenial) on src (openssh-server)

USN-3061-1: 14.04 (Kylin) on src (openssh-server)