Download
| Alert*
|
oval:org.secpod.oval:def:89045311
This update for openssh fixes the following issues: - CVE-2016-6210: Prevent user enumeration through the timing of password processing [-prevent_timing_user_enumeration] - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used - CVE-2016-6515: Limiting ... oval:org.secpod.oval:def:111175 SSH is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the sec ... oval:org.secpod.oval:def:703235 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:37886 The host is missing a patch containing security fixes, which affects the following package(s):openssh.base.server and openssh.base.client oval:org.secpod.oval:def:1800351 A denial of service vulnerability was found in openssh. The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackersto cause a denial of service via a long string.. oval:org.secpod.oval:def:51617 openssh: secure shell for secure access to remote machines Several security issues were fixed in OpenSSH. oval:org.secpod.oval:def:36709 The host is installed with OpenSSH before 7.3 and is prone to denial of service vulnerability. A flaw is present in auth_password function in auth-passwd.c in sshd, which does not limit password lengths for password authentication. Successful exploitation could allow remote attackers to cause a deni ... oval:org.secpod.oval:def:502089 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:1600784 A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. It was found that OpenSSH did not limit password lengths f ... oval:org.secpod.oval:def:204642 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ... oval:org.secpod.oval:def:1501987 The advisory is missing the security advisory description. For more information please visit the reference link |
