Support Content Notification - Support Portal

BSA-2018-536

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21605

Last Updated

15 July 2019

Initial Publication Date

19 July 2018

Status

Closed

Severity

Low

CVSS Base Score

5.8

WorkAround

N/A

Affected CVE

CVE-2016-8858

Summary

Security Advisory ID : BSA-2018-536

Component : OpenSSH

Revision : 2.0: Final

A memory exhaustion issue in OpenSSH that can be triggered before user authentication was found. An unauthenticated attacker could consume approx. 400 MB of memory per each connection. The attacker could set up multiple such connections to run out of server’s memory. Affected versions: openssh-6.8p1, openssh-6.9p1, openssh-7.0p1, openssh-7.1p1, openssh-7.2p1, openssh-7.3p1.

Affected Products
Brocade Fabric OS versions before 8.2.0a, 7.4.2.

Products Confirmed Not Vulnerable
No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Solution
Security updates for the issues described in this advisory are provided in Brocade Fabric OS (FOS) v8.2.0a, v7.4.2 and later releases. The patch releases have been posted to the MyBroadcom web portal.

Recommended Action
Brocade recommends that all customers running the impacted version(s) install the patch(es).

Revision History

Version	Change	Date
1.0	Initial Publication	July 19, 2018
2.0	Updated for Fibre Channel Only.	July 15, 2019