MGASA-2022-0086 - Updated mc packages fix security vulnerability Publication date: 06 Mar 2022 URL: https://advisories.mageia.org/MGASA-2022-0086.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-36370 An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. (CVE-2021-36370) References: - https://bugs.mageia.org/show_bug.cgi?id=30107 - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5SJPZ2MSI7IPFCS5TFZZVXF4NN6XKYKJ/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36370 SRPMS: - 8/core/mc-4.8.27-1.mga8
Mageia 2022-0086: mc security update
An issue was discovered in Midnight Commander through 4.8.26
Summary
An issue was discovered in Midnight Commander through 4.8.26. When
establishing an SFTP connection, the fingerprint of the server is neither
checked nor displayed. As a result, a user connects to the server without
the ability to verify its authenticity. (CVE-2021-36370)
References
- https://bugs.mageia.org/show_bug.cgi?id=30107
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5SJPZ2MSI7IPFCS5TFZZVXF4NN6XKYKJ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36370
Resolution
MGASA-2022-0086 - Updated mc packages fix security vulnerability
SRPMS
- 8/core/mc-4.8.27-1.mga8
Severity
Publication date: 06 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0086.html
Type: security
CVE: CVE-2021-36370
News
HOWTOs
About Us
Powered By
