openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
(from redmine: issue id 9316, created on 2018-08-22, closed on 2018-09-20)