Advisories ยป MGASA-2015-0321

Updated openssh packages fix security vulnerabilities

Publication date: 21 Aug 2015
Type: security
Affected Mageia releases : 4 , 5

Description

Privilege seaparation weakness related to PAM support allowing the attacker to
impersonate other users was found in openssh package. Attackers who could
successfully compromise the pre-authentication process for remote code
execution and who had valid credentials on the host could impersonate other
users (rhbz#1252844).

Use-after-free bug was found in openssh package. The vulnerability is
exploitable by attackers who could compromise the pre-authentication process
for remote code execution (rhbz#1252852).
                

References

SRPMS

4/core

5/core