Summary: | <net-misc/openssh-7.7_p1-r8: User enumeration via malformed packets in authentication requests (CVE-2018-15473) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | base-system, dolsen, python, robbat2, viklevin2 |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2018/08/15/5 | ||
Whiteboard: | A4 [glsa+ cve] | ||
Package list: | net-misc/openssh-7.7_p1-r9 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-08-22 14:34:48 UTC
Fixed since https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1972d34210086aa07183ca4b412b7d1888c3971

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd4e2c022dec6fedeabe2613d8968b3931766432

commit bd4e2c022dec6fedeabe2613d8968b3931766432
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-22 14:59:53 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-22 15:00:09 +0000

    net-misc/openssh: partial security cleanup

    Bug: https://bugs.gentoo.org/664264
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-misc/openssh/Manifest                 |   6 -
 net-misc/openssh/openssh-7.6_p1-r5.ebuild | 342 ----------------------
 net-misc/openssh/openssh-7.7_p1-r6.ebuild | 460 ------------------------------
 net-misc/openssh/openssh-7.7_p1-r7.ebuild | 444 ----------------------------
 net-misc/openssh/openssh-7.7_p1-r8.ebuild | 444 ----------------------------
 5 files changed, 1696 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=419a4fbd29c45b46b5caffa4d8c775693f596a27

commit 419a4fbd29c45b46b5caffa4d8c775693f596a27
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-22 14:57:16 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-22 15:00:07 +0000

    net-misc/openssh: move stable keywords

    Bug: https://bugs.gentoo.org/664264
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-misc/openssh/openssh-7.7_p1-r9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

arm64 stable

Security please vote on whether this is a GLSA.

Thank you.

Michael Boyle
Gentoo Security Padawan

GLSA Vote: Yes!

New GLSA request filed.

This issue was resolved and addressed in GLSA 201810-03 at https://security.gentoo.org/glsa/201810-03 by GLSA coordinator Aaron Bauman (b-man).

re-opened for cleanup

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7

commit 5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-10-06 17:41:43 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-10-06 17:42:24 +0000

    net-misc/openssh: Security cleanup

    Closes: https://bugs.gentoo.org/664264
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 net-misc/openssh/Manifest                 |   5 -
 net-misc/openssh/metadata.xml             |   2 -
 net-misc/openssh/openssh-7.5_p1-r4.ebuild | 334 ------------------------------
 3 files changed, 341 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbabae323c3a5684c7886cd4a56cb153ef2b2c17

commit fbabae323c3a5684c7886cd4a56cb153ef2b2c17
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-10-06 22:31:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-10-06 22:31:32 +0000

    Revert "net-misc/openssh: Security cleanup"

    This reverts commit 5091fd8f2b5a7cb0d3e970df404446d3aef8f3c7.

    <net-misc/openssh-7.6 is still needed for dev-python/twisted.

    Bug: https://bugs.gentoo.org/661258
    Bug: https://bugs.gentoo.org/664264
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 net-misc/openssh/Manifest                 |   5 +
 net-misc/openssh/metadata.xml             |   2 +
 net-misc/openssh/openssh-7.5_p1-r4.ebuild | 334 ++++++++++++++++++++++++++++++
 3 files changed, 341 insertions(+)

Cleanup was reverted.

(In reply to Thomas Deutschmann from comment #10)
> Cleanup was reverted.

tests should be just restricted then, not vuln

reverted cleanup will be tracked in bug 675522