+++ This bug was initially created as a clone of Bug #207955 +++

Tavis Ormandy of the Google Security Team discovered a denial of service attack on the openssh sshd daemon when ssh protocol version 1 is enabled. This flaw will cause the openssh server to consume a large quantity of the CPU until the specified timeout is reached.

The upstream patches can be found here:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
openssh-4.3p2-4.10 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Hrm. If this issue is resolved, then shouldn't this bug report be closed by the Fedora Updates System? Anyhoo, the resolution is Fedora Update Notification "FEDORA-2006-1011", posted at: <http://www.redhat.com/archives/fedora-package-announce/2006-October/msg00006.html> Closing this bug. (If I am wrong to close this bug, please let me know?)