It was reported [1] that versions of dropbear prior to 2013.59 suffered from a flaw where large decompressed payloads could cause memory exhaustion, resulting in a denial of service. This has been fixed in git [2]. A CVE assignment is pending [3]. [1] https://matt.ucc.asn.au/dropbear/CHANGES [2] https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f [3] http://www.openwall.com/lists/oss-security/2013/10/10/15
Created dropbear tracking bugs for this issue: Affects: fedora-all [bug 1017985] Affects: epel-all [bug 1017986]
dropbear-2013.59-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
dropbear-2013.59-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
dropbear-2013.59-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.