| Summary: | libssh new security issue CVE-2020-16135 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, geiger.david68210, herman.viaene, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | libssh-0.9.4-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-08-05 00:03:04 CEST
David Walser
2020-08-05 00:03:10 CEST
Whiteboard:
(none) =>
MGA7TOO Ubuntu has issued an advisory for this today (August 4): https://ubuntu.com/security/notices/USN-4447-1 Done for both Cauldron and mga7! CC:
(none) =>
geiger.david68210 Advisory: ======================== Updated libssh packages fix security vulnerability: The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service (CVE-2020-16135). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16135 https://www.debian.org/lts/security/2020/dla-2303 ======================== Updated packages in core/updates_testing: ======================== libssh4-0.8.9-1.1.mga7 libssh-devel-0.8.9-1.1.mga7 from libssh-0.8.9-1.1.mga7.src.rpm Version:
Cauldron =>
7 MGA7-64 Plasma on Lenovo B50 No installation issues. ref bug 26462 for testing Used remmina to connect tomy desktop PC, works OK Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 3. Keywords:
(none) =>
validated_update
Dave Hodgins
2020-08-18 17:16:12 CEST
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0324.html Resolution:
(none) =>
FIXED |