Synopsis:          Low: openssh security, bug fix, and enhancement update
Advisory ID:       SLSA-2013:1591-2
Issue Date:        2013-11-21
CVE Numbers:       CVE-2010-5107
--

The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling
random early connection drops by setting MaxStartups to 10:30:100 by
default. For more information, refer to the sshd_config(5) man page.
(CVE-2010-5107)
--

SL6
  x86_64
    openssh-5.3p1-94.el6.x86_64.rpm
    openssh-askpass-5.3p1-94.el6.x86_64.rpm
    openssh-clients-5.3p1-94.el6.x86_64.rpm
    openssh-debuginfo-5.3p1-94.el6.x86_64.rpm
    openssh-server-5.3p1-94.el6.x86_64.rpm
    openssh-debuginfo-5.3p1-94.el6.i686.rpm
    openssh-ldap-5.3p1-94.el6.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm
    pam_ssh_agent_auth-0.9.3-94.el6.x86_64.rpm
  i386
    openssh-5.3p1-94.el6.i686.rpm
    openssh-askpass-5.3p1-94.el6.i686.rpm
    openssh-clients-5.3p1-94.el6.i686.rpm
    openssh-debuginfo-5.3p1-94.el6.i686.rpm
    openssh-server-5.3p1-94.el6.i686.rpm
    openssh-ldap-5.3p1-94.el6.i686.rpm
    pam_ssh_agent_auth-0.9.3-94.el6.i686.rpm

The following RPMs were added for dependency resolution:
  x86_64
    openssl-1.0.1e-15.el6.i686.rpm
    openssl-1.0.1e-15.el6.x86_64.rpm
    openssl-devel-1.0.1e-15.el6.i686.rpm
    openssl-devel-1.0.1e-15.el6.x86_64.rpm
    openssl-perl-1.0.1e-15.el6.x86_64.rpm
    openssl-static-1.0.1e-15.el6.x86_64.rpm
  i386
    openssl-1.0.1e-15.el6.i686.rpm
    openssl-devel-1.0.1e-15.el6.i686.rpm
    openssl-perl-1.0.1e-15.el6.i686.rpm
    openssl-static-1.0.1e-15.el6.i686.rpm

- Scientific Linux Development Team