[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA-1474-1] openssh security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : openssh
Version        : 1:6.7p1-5+deb8u5
CVE ID         : CVE-2018-15473 
Debian Bug     : #906236

It was discovered that there was a user enumeration vulnerability in
OpenSSH. A remote attacker couldtest whether a certain user exists
on a target server.

For Debian 8 "Jessie", this issue has been fixed in openssh version
1:6.7p1-5+deb8u5.

We recommend that you upgrade your openssh packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlt8SEwACgkQHpU+J9Qx
HlhMGxAAlPo7NA5IAD6fXl94Fmm9D7eMNkCBWbwHueSgxKRkVKXxPUBCuZ1QrPMz
H+lRWI/mCD2cxqtGcPDvPC49Aa/HP1ZLCQSV66tdwExGjOJMuPF7Wu4hhPJuULbJ
YLY1kLTyLs7k2VCO6jYXOW57slcUAX+dfgrnd21rMZiFwpNmij0ulcajuCJRcSv9
t0a5C4nhMptRy7X3moBcZO33uGUPT4b/sW3m0Z/YzRTVngB5wzg2vsVa/+YqZNqH
qFr6M+yEqT1QIt7MKWjUfO0Mj6zBfTr2i9DO8iwYJgMQRDbk21dNskabjhDNSLsC
0aQmJ1dRwbaK80ocReLcvmMIVAJle7PFWK6fsnMCeRsIwvXLp6Y4WclBZk/jySj8
19ObdIowwjiTD5Z/FhxlVD9MVNMQJnBb7y+5Zy1r8UYThXaEIy3TWGiKc0jU/+x8
/z6l+3izonJOdnCmMZ9ogNx69smJWoaf9NpdC1Ep4uim/Cq6BKNSSi52XPmiKSX8
Joiafh3SOaZ5SdeI7Kygc0WpBSrUI3mYiSm0KTqPYou/WsuXGbA1Do1rssMQGcrX
4nK+si+npc5QViytH41qZ+xUYhfshqnvV0T4MGlNmxL33nFonPQLggRkv58kR+W4
NF5tPDdFjpBHe2exIItFZtQhV4ESomsdjz1nAa1yE+qBB4Z1Rho=
=ZrdX
-----END PGP SIGNATURE-----


Reply to: