Upstream has issued an advisory today (April 9):
The issue is fixed upstream in 0.8.9 and 0.9.4:
Mageia 7 is also affected.
Fixed upstream in 0.8.9 and 0.9.4
Updated packages uploaded by David Geiger.
Updated libssh packages fix security vulnerability:
A malicious client or server could crash the counterpart implemented with
libssh AES-CTR ciphers are used and don't get fully initialized. It will crash
when it tries to cleanup the AES-CTR ciphers when closing the connection
Updated packages in core/updates_testing:
libssh-0.9.3-2.mga8.src.rpm, libssh-0.8.8-1.mga7.src.rpm =>
Fixed upstream in 0.8.9 and 0.9.4 =>
Ubuntu has issued an advisory for this today (April 9):
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref to bug 25865 Comment 6 for testing.
So at CLI:
$ strace -o lib64ssh4.txt remmina
StatusNotifier/Appindicator support: your desktop does support it and libappindicator is compiled in remmina. Good!
WARNING: Remmina is running without a secret plugin. Passwords will be saved in a less secure way.
and a few more wernings
Connected remmina to my desktop and that worked OK.
openat(AT_FDCWD, "/lib64/libssh.so.4", O_RDONLY|O_CLOEXEC) = 3
So all seems OK.
Validating. Advisory in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.