HCE1-SA-2023-0059 Moderate HCE 1.1 Security Fix(es): Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' (CVE-2018-15919) In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. (CVE-2018-20685) HCE 1.1 openssh-7.4p1-23.hce1c.x86_64.rpm openssh-askpass-7.4p1-23.hce1c.x86_64.rpm openssh-clients-7.4p1-23.hce1c.x86_64.rpm openssh-keycat-7.4p1-23.hce1c.x86_64.rpm openssh-server-7.4p1-23.hce1c.x86_64.rpm