openssh-5.3p1-124.AXS4
エラータID: AXSA:2019-3828:01
Release date:
Thursday, April 11, 2019 - 20:55
Subject:
openssh-5.3p1-124.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSHには、無効なユーザーが認証しようとしているリクエストが含まれた
パケットを、すべてパースし終わるのを待たずに処理を終わらせてしまうため、
ユーザー名を列挙することが可能な脆弱性があります。(CVE-2018-15473)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
Solution:
パッケージをアップデートしてください。
CVEs:
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Additional Info:
N/A
Download:
SRPMS
- openssh-5.3p1-124.AXS4.src.rpm
MD5: 6534f4fce8b82e0181746966334f989c
SHA-256: 139c810611811c82a3922113cbf5ce58ad6ac3e187d4cb9bc912794210648d13
Size: 1.48 MB
Asianux Server 4 for x86
- openssh-5.3p1-124.AXS4.i686.rpm
MD5: 3f29a14a518dff3c4e1f70f4096a96ce
SHA-256: 7d5c7a897b5e19fa63c93a346cf9a95e11c0f6e903441def81c71b768068cbfa
Size: 279.15 kB - openssh-askpass-5.3p1-124.AXS4.i686.rpm
MD5: 448200176b6d5c0833c080c1039cf6f2
SHA-256: 9911c2cfada055363665405ed533704e98d5f50cdc0f62324a3f912697b49f05
Size: 60.66 kB - openssh-clients-5.3p1-124.AXS4.i686.rpm
MD5: 351bf77779413d1ce8a43fb3c1ab8fc4
SHA-256: 09e3b6f29a16d6a4448b1e707ed7abb04d30e68616272c22ac1a24e5537af809
Size: 449.83 kB - openssh-server-5.3p1-124.AXS4.i686.rpm
MD5: c62c580d0e488b074888188947e15850
SHA-256: 2115c40726e23d636ab971fae8cb38ed76c2cd10cd6677c3a3d8a639e54343ad
Size: 327.72 kB
Asianux Server 4 for x86_64
- openssh-5.3p1-124.AXS4.x86_64.rpm
MD5: 40e65a493499cc8404854e787a96eaa8
SHA-256: c26afc9633715a6ab00731e857b71ff2267b517784135c4091bc617daec1380e
Size: 276.66 kB - openssh-askpass-5.3p1-124.AXS4.x86_64.rpm
MD5: 4f0f1c85155425c2eb4bbae136de64a8
SHA-256: fe5bf1c015afc7b357e8662ae63bfb0a20698a8c3b91114c8697090be83f9c2d
Size: 60.39 kB - openssh-clients-5.3p1-124.AXS4.x86_64.rpm
MD5: 6dc1e822860556ea0f423d920853e189
SHA-256: 91f0152f8ce27e5e20b21b1e50a7ae5883351dfe4340bd2d01bc70209f43908b
Size: 442.88 kB - openssh-server-5.3p1-124.AXS4.x86_64.rpm
MD5: 10a95b65a37428e2de8aa5f4fd8d0407
SHA-256: 9d6638385b4b21215193d4d13212cd46d751efc3d73b9d3ad1735e9550977ba2
Size: 328.61 kB