Описание
ELSA-2017-2563: openssh security update (MODERATE)
[5.3p1-123]
- Fix for CVE-2016-6210: User enumeration via covert timing channel (#1357442)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
openssh
5.3p1-123.el6_9
openssh-askpass
5.3p1-123.el6_9
openssh-clients
5.3p1-123.el6_9
openssh-ldap
5.3p1-123.el6_9
openssh-server
5.3p1-123.el6_9
pam_ssh_agent_auth
0.9.3-123.el6_9
Oracle Linux i686
openssh
5.3p1-123.el6_9
openssh-askpass
5.3p1-123.el6_9
openssh-clients
5.3p1-123.el6_9
openssh-ldap
5.3p1-123.el6_9
openssh-server
5.3p1-123.el6_9
pam_ssh_agent_auth
0.9.3-123.el6_9
Связанные CVE
Связанные уязвимости
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.