Updated openssh packages fix security vulnerability
Publication date: 01 Jan 2018
Affected Mageia releases: 5
CVE: CVE-2016-10012, CVE-2017-15906
It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process (CVE-2016-10012).

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files (CVE-2017-15906).
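The read-only flaw described above (CVE-2017-15906) can be modelled with a small added example; this is not OpenSSH's source code, and the function names are hypothetical. It assumes a check that tests only the access mode of the open flags, compares it with a check that also refuses creation and truncation flags, and shows that a read-only open with O_CREAT leaves a zero-length file behind.

```c
/* Simplified model of a read-only open check; not OpenSSH source.
 * All function names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: refuses only write access modes, ignores O_CREAT and O_TRUNC. */
static int weak_refuses(int flags)
{
    int mode = flags & O_ACCMODE;
    return mode == O_WRONLY || mode == O_RDWR;
}

/* Strict: refuses everything except a plain read-only open. */
static int strict_refuses(int flags)
{
    return (flags & O_ACCMODE) != O_RDONLY ||
           (flags & (O_CREAT | O_TRUNC)) != 0;
}

/* Opens a new, constructed path with O_RDONLY|O_CREAT and returns the size
 * of the resulting file, or -1 on error. O_EXCL avoids touching any
 * existing file; the file is removed again before returning. */
static long created_size(void)
{
    char path[64];
    struct stat st;
    long size = -1;

    snprintf(path, sizeof(path), "/tmp/ro-demo-%ld", (long)getpid());
    int fd = open(path, O_RDONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        size = (long)st.st_size;
    close(fd);
    unlink(path);
    return size;
}

int main(void)
{
    int flags = O_RDONLY | O_CREAT;
    printf("weak refuses=%d strict refuses=%d created size=%ld\n",
           weak_refuses(flags), strict_refuses(flags), created_size());
    return 0;
}
```

The descriptor returned by such an open cannot be written to, which is why the side effect is limited to an empty file.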