Univention Bugzilla – Bug 47628
openssh: Multiple issues (4.2)
Last modified: 2018-08-29 13:42:58 CEST
New Debian openssh 1:6.7p1-5+deb8u5A~4.2.4.201808221019 fixes: This update addresses the following issue: * User enumeration via malformed packets in authentication requests (CVE-2018-15473)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/openssh_6.7p1-5+deb8u4A~4.2.4.201805071556.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/openssh_6.7p1-5+deb8u5A~4.2.4.201808221019.dsc @@ -1,9 +1,15 @@ -1:6.7p1-5+deb8u4A~4.2.4.201805071556 [Mon, 07 May 2018 16:00:34 +0200] Univention builddaemon <buildd@univention.de>: +1:6.7p1-5+deb8u5A~4.2.4.201808221019 [Wed, 22 Aug 2018 10:19:17 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package CVE-2015-5352 CVE-2015-5600-1 CVE-2015-5600-2 + +1:6.7p1-5+deb8u5 [Tue, 21 Aug 2018 18:04:27 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2018-15473: Prevent a user enumeration vulnerability by delaying the + bailout for invalid authenticating users until after the packet containing + the request has been fully parsed. (closes: #906236) 1:6.7p1-5+deb8u4 [Sat, 18 Nov 2017 10:56:29 +0000] Colin Watson <cjwatson@debian.org>: <http://10.200.17.11/4.2-4/#3961379882662141592>
OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] 9de43ed1d8 Bug #47628: openssh 1:6.7p1-5+deb8u5A~4.2.4.201808221019 doc/errata/staging/openssh.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) [4.2-4] 0067499213 Bug #47628: openssh 1:6.7p1-5+deb8u5A~4.2.4.201808221019 doc/errata/staging/openssh.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.2/499.html>