ELSA-2019-2143

Published: 13 Aug 2019
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2019-2143: openssh security, bug fix, and enhancement update (LOW)

[7.4p1-21 + 0.10.3-2]

  • Avoid double comma in the default cipher list in FIPS mode (#1722446)

[7.4p1-20 + 0.10.3-2]

  • Revert the updating of cached passwd structure (#1712053)

[7.4p1-19 + 0.10.3-2]

  • Update cached passwd structure after PAM authentication (#1674541)

[7.4p1-18 + 0.10.3-2]

  • invalidate supplemental group cache used by temporarily_use_uid() when the target uid differs (#1583735)

[7.4p1-17 + 0.10.3-2]

  • Fix for CVE-2018-15473 (#1619079)
  • Enable GCM mode for AES ciphers in FIPS mode (#1600869)

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  Package                    Version
  openssh                    7.4p1-21.el7
  openssh-askpass            7.4p1-21.el7
  openssh-cavs               7.4p1-21.el7
  openssh-clients            7.4p1-21.el7
  openssh-keycat             7.4p1-21.el7
  openssh-ldap               7.4p1-21.el7
  openssh-server             7.4p1-21.el7
  openssh-server-sysvinit    7.4p1-21.el7
  pam_ssh_agent_auth         0.10.3-2.21.el7

Oracle Linux x86_64

  Package                    Version
  openssh                    7.4p1-21.el7
  openssh-askpass            7.4p1-21.el7
  openssh-cavs               7.4p1-21.el7
  openssh-clients            7.4p1-21.el7
  openssh-keycat             7.4p1-21.el7
  openssh-ldap               7.4p1-21.el7
  openssh-server             7.4p1-21.el7
  openssh-server-sysvinit    7.4p1-21.el7
  pam_ssh_agent_auth         0.10.3-2.21.el7

Related CVEs

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 7 years ago

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS3: 5.3
redhat
more than 7 years ago

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS3: 5.3
nvd
more than 7 years ago

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS3: 5.3
debian
more than 7 years ago

OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...

suse-cvrf
more than 4 years ago

Security update for ssh-audit