Advisories » MGASA-2021-0380

Updated filezilla packages fix security vulnerability

Publication date: 27 Jul 2021
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-14002

Description

filezilla embeds a PuTTY client that was vulnerable:
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an
information leak in the algorithm negotiation. This allows man-in-the-middle
attackers to target initial connection attempts (where no host key for the 
server has been cached by the client) (CVE-2020-14002).

The filezilla packages are updated to version 3.55.0, which fixes this issue
among other bugfixes since the 3.51.0 release we shipped in Mageia 8. See the
upstream release notes for more information.

References

SRPMS

8/core