Updated openssh packages fix security vulnerability
Publication date: 31 Dec 2017Modification date: 31 Dec 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15906
Description
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files (CVE-2017-15906).
References
SRPMS
6/core
- openssh-7.5p1-2.1.mga6