It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords.
- CentOS6 based Unitrends' appliances (physical and/or virtual), no fix is required.
- CentOS7 based Unitrends' appliances (physical and/or virtual), fix is in openssh-7.4p1-11.el7 and Unitrends' initial release of CentOS7 was with oepnssh-7.4p1-16.el7.
LINK TO ADVISORIES