{"id":"MGASA-2015-0295","summary":"Updated openssh package fixes security vulnerability","details":"The OpenSSH server, when keyboard-interactive challenge response\nauthentication is enabled and PAM is being used (the default configuration\nin Mageia), can be tricked into allowing more password attempts than the\nMaxAuthTries setting would normally allow in one connection, which can aid\nan attacker in brute-force password guessing (CVE-2015-5600).\n","modified":"2026-01-30T06:42:08.933924Z","published":"2015-07-28T21:01:59Z","related":["CVE-2015-5600"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0295.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16456"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2015/07/23/4"}],"affected":[{"package":{"name":"openssh","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/openssh?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.2p2-3.4.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0295.json"}},{"package":{"name":"openssh","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssh?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6p1-5.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0295.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}