AXSA:2019-4118:02

Release date: 
Tuesday, August 20, 2019 - 01:38
Subject: 
openssh-7.4p1-21.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. openssh-7.4p1-21.el7.src.rpm
    MD5: 2a48583db5bceb299280a83008ab101d
    SHA-256: 8dfa82fb315850b462daa8c413aba516a39f7bb463905a42f6dd4e901d067af5
    Size: 2.73 MB

Asianux Server 7 for x86_64
  1. openssh-7.4p1-21.el7.x86_64.rpm
    MD5: a39356722d7e9a598958d09272c7328e
    SHA-256: e134d71b745c0ee6d9d9eec85d27406d0793ac7498f174315b291f3e1501bf7e
    Size: 508.92 kB
  2. openssh-askpass-7.4p1-21.el7.x86_64.rpm
    MD5: 2ceb8f6c26977a887105bbaf08f253ee
    SHA-256: 5c7aba90054e932b56ca8098eb3db20414f71a6b2c255ae9802fc73dba2baaa4
    Size: 75.96 kB
  3. openssh-clients-7.4p1-21.el7.x86_64.rpm
    MD5: 9af556d13223d78e4eaa911e8e10dcce
    SHA-256: caa5363c79b73abda5356984ddbb50c71f6a30f811c50b44a7c213bf98460e2c
    Size: 653.59 kB
  4. openssh-keycat-7.4p1-21.el7.x86_64.rpm
    MD5: 09823d077fc10b221ac79cfd7fee9089
    SHA-256: 35dd1489000be021bcc4f0a356ea662a4201f88b51fd25a6c8e9d077e75ee066
    Size: 96.27 kB
  5. openssh-server-7.4p1-21.el7.x86_64.rpm
    MD5: e955148ebf52f48f5d7b000f59da873f
    SHA-256: 75dee86e83658b9d53164d441937826b12c80b267a2e59ddaee8ffb22397f7ae
    Size: 458.15 kB
Copyright© 2007-2015 Asianux. All rights reserved.