Debian-LTS has issued an advisory on August 1: https://www.debian.org/lts/security/2020/dla-2303 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Ubuntu has issued an advisory for this today (August 4): https://ubuntu.com/security/notices/USN-4447-1
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory: ======================== Updated libssh packages fix security vulnerability: The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service (CVE-2020-16135). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16135 https://www.debian.org/lts/security/2020/dla-2303 ======================== Updated packages in core/updates_testing: ======================== libssh4-0.8.9-1.1.mga7 libssh-devel-0.8.9-1.1.mga7 from libssh-0.8.9-1.1.mga7.src.rpm
Version: Cauldron => 7Assignee: bugsquad => qa-bugsWhiteboard: MGA7TOO => (none)
MGA7-64 Plasma on Lenovo B50 No installation issues. ref bug 26462 for testing Used remmina to connect tomy desktop PC, works OK
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0324.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED