BSA-2018-539
21685
10 July 2019
28 September 2018
Closed
Low
6.5
N/A
CVE-2016-0777
Summary
Security Advisory ID: BSA-2018-539
Component: OpenSSH
Revision: 2.0: Final
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.
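The class of flaw described above, as an added example that is not part of the advisory and is not OpenSSH source: a simplified C model in which a resend routine bounds a peer-supplied length by buffer capacity rather than by the bytes the client actually sent. All names (resend_cache, resend_unchecked, resend_checked), the sizes and the sample data are constructed assumptions, and the hardened variant is one illustrative bound, not the upstream fix.

```c
#include <stdio.h>
#include <string.h>

#define CACHE_SIZE 64   /* constructed capacity for the model */
#define STALE_OFF  16   /* where the constructed leftover data sits */

/* Hypothetical stand-in for a client's outbound resend cache. */
struct resend_cache {
    unsigned char buf[CACHE_SIZE];
    size_t written;     /* bytes the client really queued for sending */
};

/* Model a reused allocation: stale data remains, then new data is queued.
 * Requires strlen(sent) <= STALE_OFF and strlen(stale) <= CACHE_SIZE - STALE_OFF. */
void cache_setup(struct resend_cache *c, const char *stale, const char *sent)
{
    memset(c->buf, 0, CACHE_SIZE);
    memcpy(c->buf + STALE_OFF, stale, strlen(stale));
    c->written = strlen(sent);
    memcpy(c->buf, sent, c->written);
}

/* Flawed: the peer-supplied length is checked against capacity only,
 * so a request for the entire buffer returns bytes that were never sent.
 * `out` must hold CACHE_SIZE bytes. */
size_t resend_unchecked(const struct resend_cache *c, size_t requested, unsigned char *out)
{
    if (requested > CACHE_SIZE) return 0;
    memcpy(out, c->buf, requested);
    return requested;
}

/* Hardened: the peer can only get back bytes the client itself sent. */
size_t resend_checked(const struct resend_cache *c, size_t requested, unsigned char *out)
{
    if (requested > c->written) return 0;
    memcpy(out, c->buf, requested);
    return requested;
}

int main(void)
{
    const char *stale = "CONSTRUCTED-SECRET";   /* constructed sample data */
    struct resend_cache c;
    unsigned char out[CACHE_SIZE];
    cache_setup(&c, stale, "hello");
    size_t n = resend_unchecked(&c, CACHE_SIZE, out);
    int exposed = memcmp(out + STALE_OFF, stale, strlen(stale)) == 0;
    printf("unchecked: %zu bytes returned, stale data exposed: %d\n", n, exposed);
    printf("checked:   %zu bytes returned\n", resend_checked(&c, CACHE_SIZE, out));
    return 0;
}
```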
Affected Products
Brocade Fabric OS. Fixed in FOS v7.4.1d, v8.0.1, v8.1.0.
Solution
Security updates for the issue described in this advisory have been posted to the MyBroadcom web portal.
Recommended Action
Brocade recommends that all customers running the impacted version(s) install supported Brocade Fabric OS versions.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | September 28, 2018 |
| 2.0 | Updated for Brocade Fibre Channel Products Only | July 10, 2019 |