Advisories » MGASA-2015-0321

Updated openssh packages fix security vulnerabilities

Publication date: 21 Aug 2015
Modification date: 21 Aug 2015
Type: security
Affected Mageia releases : 4 , 5

Description

Privilege seaparation weakness related to PAM support allowing the attacker to
impersonate other users was found in openssh package. Attackers who could
successfully compromise the pre-authentication process for remote code
execution and who had valid credentials on the host could impersonate other
users (rhbz#1252844).

Use-after-free bug was found in openssh package. The vulnerability is
exploitable by attackers who could compromise the pre-authentication process
for remote code execution (rhbz#1252852).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16617
• http://openwall.com/lists/oss-security/2015/08/11/9
• https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164224.html

SRPMS

4/core

• openssh-6.2p2-3.6.mga4

5/core

• openssh-6.6p1-5.5.mga5