Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Scientific Linux SLSA-2017:2563-1 Moderate: OpenSSH Timing Flaw

Scientific Large Esm H446
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) SL6 x86_64 openssh-5.3p1-123.el6_9.x86_64.rpm openssh-askpass-5.3p1-123.el6_9.x86_64.rpm openssh-clients-5.3p1-123.el6_9.x8 [More...]
Synopsis:          Moderate: openssh security update
Advisory ID:       SLSA-2017:2563-1
Issue Date:        2017-08-31
CVE Numbers:       CVE-2016-6210
--

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled
authentication of non-existent users. A remote unauthenticated attacker
could possibly use this flaw to determine valid user names by measuring
the timing of server responses. (CVE-2016-6210)
--

SL6
  x86_64
    openssh-5.3p1-123.el6_9.x86_64.rpm
    openssh-askpass-5.3p1-123.el6_9.x86_64.rpm
    openssh-clients-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.x86_64.rpm
    openssh-server-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.x86_64.rpm
  i386
    openssh-5.3p1-123.el6_9.i686.rpm
    openssh-askpass-5.3p1-123.el6_9.i686.rpm
    openssh-clients-5.3p1-123.el6_9.i686.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-server-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm

- Scientific Linux Development Team