[USN-6887-1] OpenSSH vulnerability

Severity High
Affected Packages 6
CVEs 1

OpenSSH could be made to expose timing information over the network.

Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair
Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did
not work as expected. A remote attacker could possibly use this issue to
determine timing information about keystrokes.

ID
USN-6887-1
Severity
high
URL
https://ubuntu.com/security/notices/USN-6887-1
Published
2024-07-09T14:04:56
(4 days ago)
Modified
2024-07-09T14:04:56
(4 days ago)
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/ssh?distro=noble ubuntu ssh < 9.6p1-3ubuntu13.4 noble
Affected pkg:deb/ubuntu/ssh-askpass-gnome?distro=noble ubuntu ssh-askpass-gnome < 9.6p1-3ubuntu13.4 noble
Affected pkg:deb/ubuntu/openssh-tests?distro=noble ubuntu openssh-tests < 9.6p1-3ubuntu13.4 noble
Affected pkg:deb/ubuntu/openssh-sftp-server?distro=noble ubuntu openssh-sftp-server < 9.6p1-3ubuntu13.4 noble
Affected pkg:deb/ubuntu/openssh-server?distro=noble ubuntu openssh-server < 9.6p1-3ubuntu13.4 noble
Affected pkg:deb/ubuntu/openssh-client?distro=noble ubuntu openssh-client < 9.6p1-3ubuntu13.4 noble
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...