A vulnerability in OpenSSH might allow remote attackers to determine valid usernames.
|Package||net-misc/openssh on all architectures|
|Affected versions||< 7.7_p1-r8|
|Unaffected versions||>= 7.7_p1-r8|
OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
It was discovered that OpenSSH was prone to a user enumeration vulnerability.
A remote attacker could conduct user enumeration.
There is no known workaround at this time.
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"
October 06, 2018
October 06, 2018: 1