{ "schema_version": "1.7.0", "id": "MGASA-2026-0179", "published": "2026-06-07T05:10:04Z", "modified": "2026-06-07T04:25:43Z", "summary": "Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability", "details": "fixes a protocol weakness in the golang.org/x/crypto/ssh package that\nallowed a MITM attacker to compromise the integrity of the secure\nchannel before it was established, allowing them to prevent transmission\nof a number of messages immediately after the secure channel was\nestablished without either side being aware.\nThe impact of this attack is relatively limited, as it does not\ncompromise confidentiality of the channel. Notably this attack would\nallow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO\nmessage, disabling a handful of newer security features.\n", "upstream": [ "CVE-2023-48795" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0179.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=32674" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "golang-x-crypto", "purl": "pkg:rpm/mageia/golang-x-crypto?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.45.0-1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:9", "name": "golang-x-sys", "purl": "pkg:rpm/mageia/golang-x-sys?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.30.0-2.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }