Advisories ยป MGASA-2019-0043

Updated libssh packages fix security vulnerability

Publication date: 20 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10933

Description

libssh versions 0.6 and above have an authentication bypass
vulnerability in the server code.  By presenting the server an
SSH2_MSG_USERAUTH_SUCCESS message in place of the
SSH2_MSG_USERAUTH_REQUEST message which the server would expect to
initiate authentication, the attacker could successfully authentciate
without any credentials (CVE-2018-10933).
                

References

SRPMS

6/core