MGASA-2013-0318

Source
https://advisories.mageia.org/MGASA-2013-0318.html
Import Source
https://advisories.mageia.org/MGASA-2013-0318.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0318
Related
Published
2013-10-25T21:10:23Z
Modified
2013-10-25T21:10:12Z
Summary
Updated dropbear packages fix CVE-2013-4421
Details

Updated dropbear package fixes security vulnerability:

Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 (CVE-2013-4421).

Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59 (CVE-2013-4434).

References
Credits

Affected packages

Mageia:2 / dropbear

Package

Name
dropbear
Purl
pkg:rpm/mageia/dropbear?distro=mageia-2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2013.59-1.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / dropbear

Package

Name
dropbear
Purl
pkg:rpm/mageia/dropbear?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2013.59-1.mga3

Ecosystem specific

{
    "section": "core"
}