CVE 2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Related bugs and status
CVE-2018-15473 (Candidate) is related to these bugs:
Bug #1794629: CVE-2018-15473 - User enumeration vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1794629 | CVE-2018-15473 - User enumeration vulnerability | openssh (Ubuntu) | Low | Fix Released
1794629 | CVE-2018-15473 - User enumeration vulnerability | openssh (Ubuntu Bionic) | Undecided | Fix Released
1794629 | CVE-2018-15473 - User enumeration vulnerability | openssh (Ubuntu Trusty) | Undecided | Fix Released
1794629 | CVE-2018-15473 - User enumeration vulnerability | openssh (Ubuntu Cosmic) | Undecided | Fix Released
1794629 | CVE-2018-15473 - User enumeration vulnerability | openssh (Ubuntu Xenial) | Undecided | Fix Released
Bug #1859013: openssh tests use "not valid yet" certificate from 2020, which is now valid
Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1887438 | Controller-0 Not Ready after force rebooting active controller (Controller-1) | StarlingX | Medium | Fix Released
Bug #1887677: stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers
Bug | Summary | In | Importance | Status
---|---|---|---|---
1887677 | stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers | StarlingX | Medium | Fix Released
Bug #1900920: pods do not get restarted in an AIO-DX system
Bug | Summary | In | Importance | Status
---|---|---|---|---
1900920 | pods do not get restarted in an AIO-DX system | StarlingX | Medium | Fix Released
Bug #1901449: DC: rbd mounted devices becomes read only after enabling https on system controller
Bug | Summary | In | Importance | Status
---|---|---|---|---
1901449 | DC: rbd mounted devices becomes read only after enabling https on system controller | StarlingX | Medium | Fix Released
Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism
Bug | Summary | In | Importance | Status
---|---|---|---|---
1906470 | CVE-2019-11068: libxslt: bypass of protection mechanism | StarlingX | High | Fix Released
Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks
Bug | Summary | In | Importance | Status
---|---|---|---|---
1906471 | CVE-2019-17006: nss: crypto primitives missing length checks | StarlingX | High | Fix Released
Bug #1908088: stx-tools: yum fails in Docker with misleading error messages
Bug | Summary | In | Importance | Status
---|---|---|---|---
1908088 | stx-tools: yum fails in Docker with misleading error messages | StarlingX | Low | Fix Released
Bug #1908297: populate_downloads.sh doesn't clean/backup old content
Bug | Summary | In | Importance | Status
---|---|---|---|---
1908297 | populate_downloads.sh doesn't clean/backup old content | StarlingX | Low | Fix Released
Bug #1908751: mirror-check.sh failes for layered build
Bug | Summary | In | Importance | Status
---|---|---|---|---
1908751 | mirror-check.sh failes for layered build | StarlingX | Low | Triaged
Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies
Bug | Summary | In | Importance | Status
---|---|---|---|---
1910130 | Build of 'compile' layer fails due to missing python3 dependencies | StarlingX | Critical | Fix Released
Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read
Bug | Summary | In | Importance | Status
---|---|---|---|---
1912139 | CVE-2018-19519: tcpdump: a stack-based buffer over-read | StarlingX | Medium | Fix Released
Bug #1912682: tools: Dockerfile: yum install silently ignores errors
Bug | Summary | In | Importance | Status
---|---|---|---|---
1912682 | tools: Dockerfile: yum install silently ignores errors | StarlingX | Low | Fix Released
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0
Bug | Summary | In | Importance | Status
---|---|---|---|---
1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released
Bug #1915951: Shared NIC: System doesn't retain the rate-limit config when a pod is deleted
Bug | Summary | In | Importance | Status
---|---|---|---|---
1915951 | Shared NIC: System doesn't retain the rate-limit config when a pod is deleted | StarlingX | Medium | Fix Released
Bug #1916946: CVE-2021-3156 sudo privilege escalation
Bug | Summary | In | Importance | Status
---|---|---|---|---
1916946 | CVE-2021-3156 sudo privilege escalation | StarlingX | Medium | Fix Released
Bug #1917308: Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller
Bug | Summary | In | Importance | Status
---|---|---|---|---
1917308 | Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller | StarlingX | Critical | Fix Released
Bug #1917781: Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv
Bug | Summary | In | Importance | Status
---|---|---|---|---
1917781 | Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv | StarlingX | Low | Fix Released
Bug #1917901: tb.sh create fails on rmdir /var/lib/mock
Bug | Summary | In | Importance | Status
---|---|---|---|---
1917901 | tb.sh create fails on rmdir /var/lib/mock | StarlingX | High | Fix Released
Bug #1918139: On AIO hosts, kuberenetes is starting before key resources are initialized
Bug | Summary | In | Importance | Status
---|---|---|---|---
1918139 | On AIO hosts, kuberenetes is starting before key resources are initialized | StarlingX | Medium | Fix Released
Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow
Bug | Summary | In | Importance | Status
---|---|---|---|---
1918154 | CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow | StarlingX | High | Fix Released
Bug #1918477: download_mirror.sh is slow
Bug | Summary | In | Importance | Status
---|---|---|---|---
1918477 | download_mirror.sh is slow | StarlingX | High | Fix Released
Bug #1920024: linuxsoft.cern.ch is no longer responding
Bug | Summary | In | Importance | Status
---|---|---|---|---
1920024 | linuxsoft.cern.ch is no longer responding | StarlingX | High | Fix Released
Bug #1920245: drbd filesystems not resized during bootstrap
Bug | Summary | In | Importance | Status
---|---|---|---|---
1920245 | drbd filesystems not resized during bootstrap | StarlingX | Medium | Fix Released
Bug #1923458: basearch not always set
Bug | Summary | In | Importance | Status
---|---|---|---|---
1923458 | basearch not always set | StarlingX | Medium | Fix Released
Bug #1923665: No LLDP information available for Fortville i40e NIC
Bug | Summary | In | Importance | Status
---|---|---|---|---
1923665 | No LLDP information available for Fortville i40e NIC | StarlingX | Medium | Fix Released
Bug #1924579: armada-api container not using the correct user
Bug | Summary | In | Importance | Status
---|---|---|---|---
1924579 | armada-api container not using the correct user | StarlingX | Low | Fix Released
Bug #1924686: systemd excessively reads mountinfo and udev in dense container environments
Bug | Summary | In | Importance | Status
---|---|---|---|---
1924686 | systemd excessively reads mountinfo and udev in dense container environments | StarlingX | Medium | Fix Released
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens
Bug | Summary | In | Importance | Status
---|---|---|---|---
1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released
Bug #1926372: CVE-2021-26937 screen segfault
Bug | Summary | In | Importance | Status
---|---|---|---|---
1926372 | CVE-2021-26937 screen segfault | StarlingX | High | Fix Released
Bug #1926591: Unlock fails after restore when trying to resize docker-lv fs
Bug | Summary | In | Importance | Status
---|---|---|---|---
1926591 | Unlock fails after restore when trying to resize docker-lv fs | StarlingX | High | Fix Released
Bug #1926987: Download_mirror.sh fails on 'flockflock'
Bug | Summary | In | Importance | Status
---|---|---|---|---
1926987 | Download_mirror.sh fails on 'flockflock' | StarlingX | Critical | Fix Released
Bug #1927137: Docker build env fails on git-review
Bug | Summary | In | Importance | Status
---|---|---|---|---
1927137 | Docker build env fails on git-review | StarlingX | Critical | Fix Released
Bug #1927153: intel-fpga/intel-gpu/intel-qat: docker images build errors
Bug | Summary | In | Importance | Status
---|---|---|---|---
1927153 | intel-fpga/intel-gpu/intel-qat: docker images build errors | StarlingX | Medium | Fix Released
Bug #1927730: Secure boot via pxeboot fails with updated grub2
Bug | Summary | In | Importance | Status
---|---|---|---|---
1927730 | Secure boot via pxeboot fails with updated grub2 | StarlingX | High | Fix Released
Bug #1928018: AIO-SX: armada pod stuck in Unknown after host-lock/unlock
Bug | Summary | In | Importance | Status
---|---|---|---|---
1928018 | AIO-SX: armada pod stuck in Unknown after host-lock/unlock | StarlingX | Medium | Fix Released
Bug #1928141: AIO-SX upgrade_platform playbook fails waiting for armada-api pod
Bug | Summary | In | Importance | Status
---|---|---|---|---
1928141 | AIO-SX upgrade_platform playbook fails waiting for armada-api pod | StarlingX | Medium | Fix Released
Bug #1928934: Storage-services loss of redundancy after lock/unlock of standby controller
Bug | Summary | In | Importance | Status
---|---|---|---|---
1928934 | Storage-services loss of redundancy after lock/unlock of standby controller | StarlingX | Medium | Fix Released
Bug #1934501: CVE-2018-15473 patch introduce user enumeration vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1934501 | CVE-2018-15473 patch introduce user enumeration vulnerability | openssh (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.