CESA-2017:2563 -- centos 6 opensshID: oval:org.secpod.oval:def:204550 | Date: (C)2017-09-06 (M)2023-07-28 |
Class: PATCH | Family: unix |
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses