Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia 7: MGASA-2021-0118 Moderate: OpenSSH Info Leak Risk

mageia
Calendar Grey March 11, 2021
Dist Mageia Esm H88
A security patch for OpenSSH within the Mageia distribution addresses an information disclosure flaw that could result in possible man-in-the-middle exploits.
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation

Summary

The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14145).

References

- https://bugs.mageia.org/show_bug.cgi?id=27706

-

- https://www.cve.org/CVERecord?id=CVE-2020-14145

Topics%20covered

Topics Covered

security advisory moderate information leak update man-in-the-middle OpenSSH client-side Mageia mageia algorithm negotiation

Resolution

SRPMS

- 7/core/openssh-8.0p1-1.1.mga7

Publication date: 12 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0118.html
Type: security
CVE: CVE-2020-14145

Topics%20covered

Topics Covered

security advisory moderate information leak update man-in-the-middle OpenSSH client-side Mageia mageia algorithm negotiation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here