This bug was fixed in the package openssh - 1:7.6p1-4ubuntu0.1 --------------- openssh (1:7.6p1-4ubuntu0.1) bionic-security; urgency=medium
[ Ryan Finnie ] * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629) - debian/patches/CVE-2018-15473.patch: delay bailout for invalid authenticating user until after the packet containing the request has been fully parsed. - CVE-2018-15473 -- leo.barb...@canonical.com (Leonidas S. Barbosa) Mon, 05 Nov 2018 08:51:29 -0300 ** Changed in: openssh (Ubuntu Bionic) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1794629 Title: CVE-2018-15473 - User enumeration vulnerability Status in openssh package in Ubuntu: In Progress Status in openssh source package in Trusty: Fix Released Status in openssh source package in Xenial: Fix Released Status in openssh source package in Bionic: Fix Released Status in openssh source package in Cosmic: In Progress Bug description: https://nvd.nist.gov/vuln/detail/CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Fixed in Debian: https://www.debian.org/security/2018/dsa-4280 Currently pending triage? https://people.canonical.com/~ubuntu- security/cve/2018/CVE-2018-15473.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp