Synopsis:          Moderate: openssh security update
Advisory ID:       SLSA-2017:2563-1
Issue Date:        2017-08-31
CVE Numbers:       CVE-2016-6210
--

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled
authentication of non-existent users. A remote unauthenticated attacker
could possibly use this flaw to determine valid user names by measuring
the timing of server responses. (CVE-2016-6210)
--

SL6
  x86_64
    openssh-5.3p1-123.el6_9.x86_64.rpm
    openssh-askpass-5.3p1-123.el6_9.x86_64.rpm
    openssh-clients-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.x86_64.rpm
    openssh-server-5.3p1-123.el6_9.x86_64.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.x86_64.rpm
  i386
    openssh-5.3p1-123.el6_9.i686.rpm
    openssh-askpass-5.3p1-123.el6_9.i686.rpm
    openssh-clients-5.3p1-123.el6_9.i686.rpm
    openssh-debuginfo-5.3p1-123.el6_9.i686.rpm
    openssh-server-5.3p1-123.el6_9.i686.rpm
    openssh-ldap-5.3p1-123.el6_9.i686.rpm
    pam_ssh_agent_auth-0.9.3-123.el6_9.i686.rpm

- Scientific Linux Development Team