19012 – openssh new security issue CVE-2016-6210

Bug 19012 - openssh new security issue CVE-2016-6210

Summary: openssh new security issue CVE-2016-6210

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/695098/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-07-21 19:13 CEST by David Walser
Modified:	2016-07-26 21:33 CEST (History)
CC List:	0 users

See Also:
Source RPM:	openssh-6.6p1-5.7.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-07-21 19:13:48 CEST

Fedora has issued an advisory on July 20:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/63LLZJD4MOKC26TFJIDXRWFT33ICG6PR/

They added a patch to fix it in this commit:
http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?h=f24&id=1057900209feeb4b7db2a17ffc513c5f406a45b5

My understanding is that, as we use Blowfish on Mageia 5, we're not really affected there, but as Cauldron is apparently being switched to use sha512, we will be affected there.

Comment 1 Guillaume Rousse 2016-07-26 21:33:47 CEST

Fixed in 7.2p2-3.mga6.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.