Bug 19627 - openssh new security issue CVE-2016-8858
Summary: openssh new security issue CVE-2016-8858
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-19 23:43 CEST by David Walser
Modified: 2016-10-23 21:55 CEST (History)
0 users

See Also:
Source RPM: openssh-7.3p1-2.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-10-19 23:43:48 CEST 
A CVE has been assigned for a security issues fixed upstream in openssh:
http://openwall.com/lists/oss-security/2016/10/19/9

I believe this is the patch they were referring to to fix it:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.126&r2=1.127

Mageia 5 may also be affected.
Comment 1 David Walser 2016-10-23 21:55:58 CEST 
Fixed in Cauldron by Guillaume.  Code in Mageia 5 is different enough that it isn't obvious that it's affected.  Will re-open if we find out otherwise.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.