Support Content Notification - Support Portal

BSA-2018-698

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21487

Last Updated

20 September 2019

Initial Publication Date

22 August 2018

Status

Closed

Severity

Medium

CVSS Base Score

5.3

WorkAround

Yes

Affected CVE

CVE-2018-15473

Summary

Security Advisory ID : BSA-2018-698

Component : OpenSSH

Revision : 2.0: Final

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Affected Products
Security updates have been provided in Brocade Fabric OS versions 8.2.2,8.2.1c,8.1.2h,7.4.2e and Ficon Patches 7.4.2a7, 8.1.2a7 8.2.0a4

Products Confirmed Not Vulnerable
Brocade Manageability Products are Not affected by this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	August 22, 2018
2.0	Updated with all releases	September 20, 2019