MGASA-2026-0179

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0179.html

Import Source

https://advisories.mageia.org/MGASA-2026-0179.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0179

Upstream

CVE-2023-48795

Published

2026-06-07T05:10:04Z

Modified

2026-06-07T05:15:04.309132901Z

Summary

Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

Details

fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2MSGEXT_INFO message, disabling a handful of newer security features.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / golang-x-crypto

Package

Name: golang-x-crypto
Purl: pkg:rpm/mageia/golang-x-crypto?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.45.0-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0179.json"

Mageia:9 / golang-x-sys

Package

Name: golang-x-sys
Purl: pkg:rpm/mageia/golang-x-sys?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.30.0-2.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0179.json"