Advisories » MGASA-2019-0402

Updated libssh packages fix security vulnerability

Publication date: 19 Dec 2019
Modification date: 19 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14889

Description

Updated libssh packages fix security vulnerability:

In an environment where a user is only allowed to copy files and not to
execute applications, it would be possible to pass a location which
contains commands to be executed in addition (CVE-2019-14889).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25865
• https://www.libssh.org/security/advisories/CVE-2019-14889.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14889

SRPMS

7/core

• libssh-0.8.8-1.mga7