[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1476-1] dropbear security update

Package        : dropbear
Version        : 2014.65-1+deb8u3
CVE ID         : CVE-2018-15599
Debian Bug     : 906890

A vulnerability in dropbear, a lightweight SSH2 server and client, making it
possible to guess valid usernames has been found:


    The recv_msg_userauth_request function in svr-auth.c in is prone
    to a user enumeration vulnerability, similar to CVE-2018-15473 in OpenSSH.

For Debian 8 "Jessie", this problem has been fixed in version

We recommend that you upgrade your dropbear packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to: