| Package | openssh |
|---|---|
| Version | 1:6.0p1-4+deb7u10 |
| Related CVEs | CVE-2018-15473 |
This update properly implements the fix for the issue first identified in ELA-37-1. The initial update package, version 1:6.0p1-4+deb7u8, is broken and the subsequent package, version 1:6.0p1-4+deb7u9, reverts the incorrect patch and so is vulnerable (as described in ELA-37-2). The package version referenced in this advisory contains the complete and correct fix for CVE-2018-15473.
The original advisory text follows:
It was discovered that there was a user enumeration vulnerability in OpenSSH. A remote attacker could test whether a certain user exists on a target server.
For Debian 7 Wheezy, these problems have been fixed in version 1:6.0p1-4+deb7u10.
We recommend that you upgrade your openssh packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.