Updated dropbear packages fix security vulnerability
Publication date: 10 Jun 2017
Modification date: 10 Jun 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-9078, CVE-2017-9079
Description
A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (CVE-2017-9078). The default Mageia configuration does not set -a, so it is not vulnerable.

Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys (CVE-2017-9079).
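
The approach behind the CVE-2017-9079 fix, sketched in C as an added example (this is not Dropbear's or Mageia's code; the helper name open_as_user and its parameters are hypothetical). It takes the target user's effective uid/gid only around open(), so a symlinked authorized_keys is resolved with that user's permissions instead of root's.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only with the effective identity
 * of the account being authenticated (uid/gid). Returns an fd, or -1 with
 * errno set. The caller's effective ids are restored before returning; if
 * restoring fails, the process exits instead of continuing in an unknown
 * privilege state. Supplementary groups are not changed here (assumption:
 * the caller sets them for the user separately). */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int fd, err;

    /* Group first: once euid is no longer 0, egid can no longer be changed. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        err = errno;
        if (setegid(saved_gid) != 0)
            _exit(1);
        errno = err;
        return -1;
    }

    /* The kernel now checks the user's permissions on every path
     * component, including the target of any symlink. */
    fd = open(path, O_RDONLY | O_CLOEXEC | O_NOCTTY);
    err = errno;

    /* Restore in reverse order: uid first, then gid. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0)
        _exit(1);

    errno = err;
    return fd;
}
```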
References
SRPMS
5/core
- dropbear-2014.66-1.3.mga5