Advisories ยป MGASA-2020-0216

Updated nmap packages fix security vulnerability

Publication date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2017-18594

Description

Updated nmap packages fix security vulnerability:

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition
due to a double free when an SSH connection fails, as demonstrated by a
leading \n character to ssh-brute.nse or ssh-auth-methods.nse
(CVE-2017-18594).

Also, when a server forced a protocol and did not return TLS ALPN extension,
this caused an infinite loop.
                

References

SRPMS

7/core