Red Hat Security Advisory 2017-2563-01

Red Hat Security Advisory 2017-2563-01 – OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

Link: https://packetstormsecurity.com/files/143967/RHSA-2017-2563-01.txt