MGASA-2021-0118

Source
https://advisories.mageia.org/MGASA-2021-0118.html
Import Source
https://advisories.mageia.org/MGASA-2021-0118.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2021-0118
Related
Published
2021-03-12T01:25:47Z
Modified
2021-03-12T00:12:55Z
Summary
Updated openssh packages fix a security vulnerability
Details

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14145).

References
Credits

Affected packages

Mageia:7 / openssh

Package

Name
openssh
Purl
pkg:rpm/mageia/openssh?arch=source&distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0p1-1.1.mga7

Ecosystem specific

{
    "section": "core"
}