Closed l2dy closed 6 years ago
Having trouble backporting the patch listed...
@l2dy Is there any other distributions attempting to patch this issue, and will this issue get a CVE?
We believe that this issue warrants a CVE; it affects all operating systems, all OpenSSH versions (we went back as far as OpenSSH 2.3.0, released in November 2000), and is easier to exploit than previous OpenSSH username enumerations (which were all timing attacks) [...]
Cross-References: DSA-4280-1
Fix available from here.
Marking upgrade
, difficulties with backporting patch to 7.6.
Use AOSA-2018-0374.
Cross-References: GLSA 201810-03
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 https://github.com/openssh/openssh-portable/commit/74287f5df9966a0648b4a68417451dd18f079ab8