It was found that there is a theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users ...
Debian Bug report logs - #848717
openssh: CVE-2016-10012
Package: src:openssh;
Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:36:01 UTC
Severity: important
Tags: security, upstream
Found in versio ...
# SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Publication Date: 2021-09-14
Last Update: 2021-09-14
Current Version: 10
CVSS v3.1 Base Score: 7.5
SUMMARY
=======
The latest update of the SCALANCE X-200 and X-300/X408 switches families ...
Several security issues were fixed in OpenSSH ...
Debian Bug report logs - #848715
openssh: CVE-2016-10010
Package: src:openssh;
Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:33:02 UTC
Severity: important
Tags: security, upstream
Found in versio ...
Debian Bug report logs - #848714
openssh: CVE-2016-10009
Package: src:openssh;
Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:27:02 UTC
Severity: important
Tags: security, upstream
Found in versio ...
Debian Bug report logs - #848716
openssh: CVE-2016-10011
Package: src:openssh;
Maintainer for src:openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 19 Dec 2016 19:33:04 UTC
Severity: important
Tags: security, upstream
Found in versio ...
Arch Linux Security Advisory ASA-201612-20
==========================================
Severity: Medium
Date : 2016-12-22
CVE-ID : CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012
Package : openssh
Type : multiple issues
Remote : Yes
Link : security.archlinux.org/AVG-110
Summary
=======
The package openssh before ver ...
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses (CVE-2016-6210).
It was found that OpenSSH did not limit password lengths for password authentication. A remo ...
Security Advisory ID: SYMSA1397
Initial Publication Date: 2 Mar 2017
Advisory Status: Open
Advisory Severity: High
CVSS Base Score: CVSS v2: 7.5
Legacy ID: SA144
...
CVE-2016-8858, CVE-2016-10009, -10010, -10011, and -10012 OpenSSH Vulnerabilities
Article Number: 000012799
...
Oracle Linux Bulletin - July 2017
Description
The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Solaris Third Party Bulletin - April 2017
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...