Date: Wed, 24 Apr 2019 16:57:37 +0530 From: Brahmanand Reddy <brahma.gdb@gmail.com> To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@freebsd.org> Cc: openssh@openssh.com, FreeBSD-security@freebsd.org Subject: Re: POC and patch for the CVE-2018-15473 Message-ID: <CAKsRH7njoE9VD%2Bgxg6ZrZ4vPT_4b9-Hnz%2B1b8fVeQVcjse91mQ@mail.gmail.com> In-Reply-To: <86mukfhfb3.fsf@next.des.no> References: <CAKsRH7mBLc3FTJ08uETkniG=wdwyaZrvpYYJAxYmj%2BpPRU4ibw@mail.gmail.com> <86mukfhfb3.fsf@next.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you! CVE-2018-15473 is a "user existence oracle bug which does not meet our criteria for security advisories". You mean this vulnerability which will impact/affects only for Oracle base? . kindly confirm. On Wed, Apr 24, 2019 at 3:54 PM Dag-Erling Sm=C3=B8rgrav <des@freebsd.org> = wrote: > Brahmanand Reddy <brahma.gdb@gmail.com> writes: > > regarding the CVE-2018-15473 dint find find official patch from the > openssh > > on freebsd OS base. > > CVE-2018-15473 is a user existence oracle bug which does not meet our > criteria for security advisories. > > FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH > 7.5, which is not. > > DES > -- > Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKsRH7njoE9VD%2Bgxg6ZrZ4vPT_4b9-Hnz%2B1b8fVeQVcjse91mQ>