MidnightBSD 0.6.4
OpenSSH
Fix two security vulnerabilities:
OpenSSH clients does not correctly verify DNS SSHFP records when a server
offers a certificate. [CVE-2014-2653]
OpenSSH servers which are configured to allow password authentication
using PAM (default) would allow many password attempts. A bug allows
MaxAuthTries to be bypassed. [CVE-2015-5600]
|