Advisories » MGASA-2020-0216

Updated nmap packages fix security vulnerability

Publication date: 24 May 2020
Modification date: 24 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2017-18594

Description

Updated nmap packages fix security vulnerability:

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition
due to a double free when an SSH connection fails, as demonstrated by a
leading \n character to ssh-brute.nse or ssh-auth-methods.nse
(CVE-2017-18594).

Also, when a server forced a protocol and did not return TLS ALPN extension,
this caused an infinite loop.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25770
• https://github.com/nmap/nmap/commit/3b8b6516a7697d8b6d4cd87e253daa369fcdbf2a
• https://lists.opensuse.org/opensuse-updates/2019-09/msg00156.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18594

SRPMS

7/core

• nmap-7.70-2.2.mga7