Описание
ELSA-2023-4428: openssh security update (IMPORTANT)
[5.3p1-124.0.2]
- Fix for CVE-2016-6210 incomplete fix [Orabug: 29375502][CVE-2016-6210]
[5.3p1-124.0.1]
- Fix for CVE-2023-38408 [Orabug: 35672523]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
openssh
5.3p1-124.0.2.el6_10
openssh-askpass
5.3p1-124.0.2.el6_10
openssh-clients
5.3p1-124.0.2.el6_10
openssh-ldap
5.3p1-124.0.2.el6_10
openssh-server
5.3p1-124.0.2.el6_10
pam_ssh_agent_auth
0.9.3-124.0.2.el6_10
Oracle Linux i686
openssh
5.3p1-124.0.2.el6_10
openssh-askpass
5.3p1-124.0.2.el6_10
openssh-clients
5.3p1-124.0.2.el6_10
openssh-ldap
5.3p1-124.0.2.el6_10
openssh-server
5.3p1-124.0.2.el6_10
pam_ssh_agent_auth
0.9.3-124.0.2.el6_10
Связанные CVE
Связанные уязвимости
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user pa ...