MGASA-2016-0108

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0108.html

Import Source

https://advisories.mageia.org/MGASA-2016-0108.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0108

Related

CVE-2016-3115

Published

2016-03-10T23:37:43Z

Modified

2016-03-10T23:32:13Z

Summary

Updated openssh packages fix security vulnerability

Details

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1) (CVE-2016-3115).

References

https://advisories.mageia.org/MGASA-2016-0108.html
https://bugs.mageia.org/show_bug.cgi?id=17944
http://www.openssh.com/txt/x11fwd.adv
http://openwall.com/lists/oss-security/2016/03/10/16

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / openssh

Package

Name: openssh
Purl: pkg:rpm/mageia/openssh?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6p1-5.7.mga5

Ecosystem specific

{
    "section": "core"
}