| Summary: | jsch new security issue CVE-2016-5725 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, geiger.david68210, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/699682/ | ||
| Whiteboard: | advisory MGA5-32-OK | ||
| Source RPM: | jsch-0.1.53-5.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2016-09-06 19:30:03 CEST
Fixed for mga5 and freeze push requested for Cauldron. CC:
(none) =>
geiger.david68210 Thanks David! Advisory: ======================== Updated jsch packages fix security vulnerability: It was discovered that there was a path traversal vulnerability in jsch (CVE-2016-5725). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725 http://lwn.net/Alerts/699659/ ======================== Updated packages in core/updates_testing: ======================== jsch-0.1.51-4.1.mga5 jsch-javadoc-0.1.51-4.1.mga5 jsch-demo-0.1.51-4.1.mga5 from jsch-0.1.51-4.1.mga5.src.rpm Version:
Cauldron =>
5 Got https://gist.githubusercontent.com/ymnk/2318108/raw/82819389a225265c2aa4ca11afc0b35e938607fe/Shell.java to compile with "javac -cp /usr/share/java/jsch.jar Shell.java", but ran into usual problems testing java programs, so validating based it the update installing cleanly, and the example compiling ok. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0311.html Status:
NEW =>
RESOLVED |