Advisories » MGASA-2018-0384

Updated dropbear packages fix security vulnerability

Publication date: 21 Sep 2018
Modification date: 21 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-15599

Description

Dropbear is prone to a user enumeration vulnerability (CVE-2018-15599). An
external user without credentials can determine whether a given username
exists on a server. 
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23493
• http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599

SRPMS

6/core

• dropbear-2017.75-1.1.mga6