Advisories » MGASA-2015-0271

Updated openssh package fixes security vulnerability

Publication date: 09 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5352

Description

In Portable OpenSSH before 6.9p1, when forwarding X11 connections with
ForwardX11Trusted=no, connections made after ForwardX11Timeout expired
could be permitted and no longer subject to XSECURITY restrictions because
of an  ineffective timeout check in ssh (CVE-2015-5352).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16266
• http://openwall.com/lists/oss-security/2015/07/01/10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352

SRPMS

5/core

• openssh-6.6p1-5.1.mga5

4/core

• openssh-6.2p2-3.3.mga4