** Package changed: debian => openssh (Debian) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/293000
Title: hardy: openssh-server oom_adj can lead to denial of service Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Hardy: Won't Fix Status in openssh package in Debian: Fix Released Bug description: Binary package hint: openssh-server The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid being killed by the OOM killer in low memory situations. Unfortunately all child processes of sshd inherit this setting. So any user with ssh access can easily launch a process which accumulates memory without being killed by the kernel until the system gets to out of memory kernel panic. This will lead to a denial of service. The bug is already reported in the debian bug tracker under the following location: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020 The fix is included in openssh/1:4.7p1-11. Please update Hardy to this package version. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/293000/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
