- Home
- CVEs with nessus.description==This update for openssh fixes the following issues :
- CVE-2018-15919: Remotely observable behaviour in
auth-gss2.c in OpenSSH could be used by remote attackers
to detect existence of users on a target system when
GSS2 is in use. OpenSSH developers do not want to treat
such a username enumeration (or 'oracle') as a
vulnerability. (bsc#1106163)
- CVE-2018-15473: OpenSSH was prone to a user existance
oracle vulnerability due to not delaying bailout for an
invalid authenticating user until after the packet
containing the request has been fully parsed, related to
auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
(bsc#1105010)
The following non-security issues were fixed :
- Stop leaking File descriptors (bsc#964336)
- sftp-client.c returns wrong error code upon failure
(bsc#1091396)
- added pam_keyinit to pam configuration file
(bsc#1081947)
This update was imported from the SUSE:SLE-15:Update update project.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top