Advisories ยป MGASA-2014-0143

Updated openssh packages fix CVE-2014-2532

Publication date: 31 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2532

Description

Updated openssh packages fix security vulnerability:

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv
lines in sshd_config, which allows remote attackers to bypass intended
environment restrictions by using a substring located before a wildcard
character (CVE-2014-2532).
                

References

SRPMS

4/core

3/core