Bug 19012

Summary: openssh new security issue CVE-2016-6210
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/695098/
Whiteboard:
Source RPM: openssh-6.6p1-5.7.mga5.src.rpm CVE:
Status comment:

Description David Walser 2016-07-21 19:13:48 CEST 
Fedora has issued an advisory on July 20:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/63LLZJD4MOKC26TFJIDXRWFT33ICG6PR/

They added a patch to fix it in this commit:
http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?h=f24&id=1057900209feeb4b7db2a17ffc513c5f406a45b5

My understanding is that, as we use Blowfish on Mageia 5, we're not really affected there, but as Cauldron is apparently being switched to use sha512, we will be affected there.
Comment 1 Guillaume Rousse 2016-07-26 21:33:47 CEST 
Fixed in 7.2p2-3.mga6.

Status: NEW => RESOLVED
Resolution: (none) => FIXED