Advisories » MGASA-2014-0143

Updated openssh packages fix CVE-2014-2532

Publication date: 31 Mar 2014
Modification date: 07 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2532

Description

Updated openssh packages fix security vulnerability:

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv
lines in sshd_config, which allows remote attackers to bypass intended
environment restrictions by using a substring located before a wildcard
character (CVE-2014-2532).
                

References

• http://www.ubuntu.com/usn/usn-2155-1/
• https://bugs.mageia.org/show_bug.cgi?id=13088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532

SRPMS

3/core

• openssh-6.1p1-4.2.mga3

4/core

• openssh-6.2p2-3.1.mga4