Vulnerability CVE-2018-15473: Information
Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openssh | sisyphus | 7.2p2-alt3 | 9.6p1-alt1 | ALT-PU-2018-2222-1 | 211897 | Fixed |
openssh | p10 | 7.2p2-alt3 | 7.9p1-alt4.p10.6 | ALT-PU-2018-2222-1 | 211897 | Fixed |
openssh | p9 | 7.2p2-alt3 | 7.9p1-alt1 | ALT-PU-2018-2222-1 | 211897 | Fixed |
openssh | p8 | 7.2p2-alt2.M80P.2 | 7.2p2-alt2.M80P.2 | ALT-PU-2018-2229-1 | 211899 | Fixed |
openssh | c10f1 | 7.2p2-alt3 | 7.9p1-alt4.p10.6 | ALT-PU-2018-2222-1 | 211897 | Fixed |
openssh | c9f2 | 7.2p2-alt3 | 7.9p1-alt4.p10.6 | ALT-PU-2018-2222-1 | 211897 | Fixed |
openssh | c7 | 6.7p1-alt1.M70C.5 | 6.7p1-alt1.M70C.5 | ALT-PU-2018-2223-1 | 211896 | Fixed |
openssh | p11 | 7.2p2-alt3 | 9.6p1-alt1 | ALT-PU-2018-2222-1 | 211897 | Fixed |