Описание
ELSA-2017-2563: openssh security update (MODERATE)
[5.3p1-123]
- Fix for CVE-2016-6210: User enumeration via covert timing channel (#1357442)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
openssh
5.3p1-123.el6_9
openssh-askpass
5.3p1-123.el6_9
openssh-clients
5.3p1-123.el6_9
openssh-ldap
5.3p1-123.el6_9
openssh-server
5.3p1-123.el6_9
pam_ssh_agent_auth
0.9.3-123.el6_9
Oracle Linux i686
openssh
5.3p1-123.el6_9
openssh-askpass
5.3p1-123.el6_9
openssh-clients
5.3p1-123.el6_9
openssh-ldap
5.3p1-123.el6_9
openssh-server
5.3p1-123.el6_9
pam_ssh_agent_auth
0.9.3-123.el6_9
Связанные CVE
Связанные уязвимости
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...