Severity: Unknown
Affected Package: openssh
Summary: OpenSSH SSHFP verification bypass and MaxAuthTries bypass
Two OpenSSH security vulnerabilities were fixed. OpenSSH clients did not correctly verify DNS SSHFP records when a server offered a certificate, and OpenSSH servers configured to allow PAM password authentication (the default) allowed MaxAuthTries to be bypassed, permitting many password attempts and easing brute-force attacks.
No specific recommendations provided.
Aliases: CVE-2014-2653, CVE-2015-5600
Published: July 28, 2015
Last Modified: July 28, 2015