[Bug 293000]

Tue May 21 15:43:10 UTC 2013

Thank you for reporting this bug to Ubuntu. hardy has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against hardy is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

** Changed in: openssh (Ubuntu Hardy)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/293000

Title:
  hardy: openssh-server oom_adj can lead to denial of service

Status in “openssh” package in Ubuntu:
  Fix Released
Status in “openssh” source package in Hardy:
  Won't Fix
Status in Debian GNU/Linux:
  Fix Released

Bug description:
  Binary package hint: openssh-server

  The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
  being killed by the OOM killer in low memory situations. Unfortunately
  all child processes of sshd inherit this setting.

  So any user with ssh access can easily launch a process which
  accumulates memory without being killed by the kernel until the system
  gets to out of memory kernel panic. This will lead to a denial of
  service.

  The bug is already reported in the debian bug tracker under the following location:
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020

  The fix is included in openssh/1:4.7p1-11. Please update Hardy to this
  package version.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/293000/+subscriptions