Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length limitations when reading these SFTP extension key/value data from the network. A malicious attacker might attempt to encode large values, and allocate more memory than is necessary, causing excessive resource usage or the FTP daemon to crash.
This update limits the amount of memory allocated to handle these extensions.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2015-7a89e8db70
Please login to add feedback.
This update has been submitted for testing by pghmcfc.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by pghmcfc.
This update has been pushed to stable.