root, version 1:7.6p1-4ubuntu0.1 was published to the archive on November 6th 2018:
https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1 https://lists.ubuntu.com/archives/bionic-changes/2018-November/017000.html https://usn.ubuntu.com/3809-1/ A default configuration of Ubuntu 18.04 LTS with unattended-upgrades installed would have received this update within the next 36 hours or so. If you installed before November 6th, then you probably received the update November 6th or 7th. If you installed after November 6th, then you probably received the update during installation. You can check /var/log/dpkg.log* files to find the exact date and time you received the update. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1794629 Title: CVE-2018-15473 - User enumeration vulnerability Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Trusty: Fix Released Status in openssh source package in Xenial: Fix Released Status in openssh source package in Bionic: Fix Released Status in openssh source package in Cosmic: Fix Released Bug description: https://nvd.nist.gov/vuln/detail/CVE-2018-15473 OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. Fixed in Debian: https://www.debian.org/security/2018/dsa-4280 Currently pending triage? https://people.canonical.com/~ubuntu- security/cve/2018/CVE-2018-15473.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1794629/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp