Advisories » MGASA-2020-0171

Updated libssh packages fix security vulnerability

Publication date: 15 Apr 2020
Modification date: 15 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1730

Description

Updated libssh packages fix security vulnerability:

A malicious client or server could crash the counterpart implemented
with libssh AES-CTR ciphers are used and don't get fully initialized.
It will crash when it tries to cleanup the AES-CTR ciphers when
closing the connection (CVE-2020-1730).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26462
• https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1730

SRPMS

7/core

• libssh-0.8.9-1.mga7