(RHSA-2017:2563) Moderate: openssh security update

2017-08-31T17:09:34
ID RHSA-2017:2563
Type redhat
Reporter RedHat
Modified 2018-06-07T18:23:03

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)