Scientific Linux alert SLSA-2017:2563-1 (openssh)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Moderate: openssh on SL6.x i386/x86_64 
Date:
    	       Thu, 31 Aug 2017 16:21:46 +0000
Message-ID:
    	       <20170831162146.21267.5322@slpackages.fnal.gov>
Synopsis:          Moderate: openssh security update
Advisory ID:       SLSA-2017:2563-1
Issue Date:        2017-08-31
CVE Numbers:       CVE-2016-6210
--

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled
authentication of non-existent users. A remote unauthenticated attacker
could possibly use this flaw to determine valid user names by measuring
the timing of server responses. (CVE-2016-6210)
--

SL6
  x86_64
    openssh-5.3p1-123.el6_9.x86_64.rpm
    openssh-askpass-5.3p1-123.el6_9.x86_64.rpm
    openssh-clients-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.x86_64.rpm
    openssh-server-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.x86_64.rpm
  i386
    openssh-5.3p1-123.el6_9.i686.rpm
    openssh-askpass-5.3p1-123.el6_9.i686.rpm
    openssh-clients-5.3p1-123.el6_9.i686.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-server-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Moderate: openssh on SL6.x i386/x86_64
Date:		Thu, 31 Aug 2017 16:21:46 +0000
Message-ID:		<20170831162146.21267.5322@slpackages.fnal.gov>