Oval Definition:oval:com.redhat.rhsa:def:20172563
Revision Date:2017-08-31Version:635
Title:RHSA-2017:2563: openssh security update (Moderate)
Description:OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

  • A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)
    • Family:unixClass:patch
    Status:Reference(s):CVE-2016-6210
    RHSA-2017:2563
    RHSA-2017:2563-00
    RHSA-2017:2563-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • openssh is earlier than 0:5.3p1-123.el6_9
  • AND openssh is signed with Red Hat redhatrelease2 key
  • openssh-askpass is earlier than 0:5.3p1-123.el6_9
  • AND openssh-askpass is signed with Red Hat redhatrelease2 key
  • openssh-clients is earlier than 0:5.3p1-123.el6_9
  • AND openssh-clients is signed with Red Hat redhatrelease2 key
  • openssh-ldap is earlier than 0:5.3p1-123.el6_9
  • AND openssh-ldap is signed with Red Hat redhatrelease2 key
  • openssh-server is earlier than 0:5.3p1-123.el6_9
  • AND openssh-server is signed with Red Hat redhatrelease2 key
  • pam_ssh_agent_auth is earlier than 0:0.9.3-123.el6_9
  • AND pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
    • BACK