Brahmanand Reddy <brahma.gdb at gmail.com> writes:> regarding the CVE-2018-15473 dint find find official patch from the openssh > on freebsd OS base.CVE-2018-15473 is a user existence oracle bug which does not meet our criteria for security advisories. FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH 7.5, which is not. DES -- Dag-Erling Sm?rgrav - des at FreeBSD.org
Thank you! CVE-2018-15473 is a "user existence oracle bug which does not meet our criteria for security advisories". You mean this vulnerability which will impact/affects only for Oracle base? . kindly confirm. On Wed, Apr 24, 2019 at 3:54 PM Dag-Erling Sm?rgrav <des at freebsd.org> wrote:> Brahmanand Reddy <brahma.gdb at gmail.com> writes: > > regarding the CVE-2018-15473 dint find find official patch from the > openssh > > on freebsd OS base. > > CVE-2018-15473 is a user existence oracle bug which does not meet our > criteria for security advisories. > > FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH > 7.5, which is not. > > DES > -- > Dag-Erling Sm?rgrav - des at FreeBSD.org >
My company has remained with FreeBSD 11 for now because we have encountered NIC driver stability problems under heavy loads with FreeBSD 12.0. As an ISP, we also endure constant brute force username and password guessing attacks, so a fix for this problem is of interest to us. Is the FreeBSD port of OpenSSH 7.8 available for FreeBSD 11-STABLE from the ports collection? If not, shouldn't it be? --Brett Glass>Brahmanand Reddy <brahma.gdb at gmail.com> writes: > > regarding the CVE-2018-15473 dint find find official patch from the openssh > > on freebsd OS base. > >CVE-2018-15473 is a user existence oracle bug which does not meet our >criteria for security advisories. > >FreeBSD 12 has OpenSSH 7.8, which is patched. FreeBSD 11 has OpenSSH >7.5, which is not. > >DES >-- >Dag-Erling Sm??rgrav - des at FreeBSD.org >_______________________________________________ >freebsd-security at freebsd.org mailing list >https://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"