Bug 19627

Summary: openssh new security issue CVE-2016-8858
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: openssh-7.3p1-2.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-10-19 23:43:48 CEST
A CVE has been assigned for a security issue fixed upstream in openssh:
http://openwall.com/lists/oss-security/2016/10/19/9

I believe this is the patch they were referring to to fix it:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127

Mageia 5 may also be affected.
Comment 1 David Walser 2016-10-23 21:55:58 CEST
Fixed in Cauldron by Guillaume.  Code in Mageia 5 is different enough that it isn't obvious that it's affected.  Will re-open if we find out otherwise.

Status: NEW => RESOLVED
Resolution: (none) => FIXED