** Package changed: debian => openssh (Debian)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/293000

Title:
  hardy: openssh-server oom_adj can lead to denial of service

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Hardy:
  Won't Fix
Status in openssh package in Debian:
  Fix Released

Bug description:
  Binary package hint: openssh-server

  The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
  being killed by the OOM killer in low memory situations. Unfortunately
  all child processes of sshd inherit this setting.

  So any user with ssh access can easily launch a process which
  accumulates memory without being killed by the kernel until the system
  gets to out of memory kernel panic. This will lead to a denial of
  service.

  The bug is already reported in the debian bug tracker under the following 
location:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020

  The fix is included in openssh/1:4.7p1-11. Please update Hardy to this
  package version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/293000/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to