Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Mageia 9 golang-x-crypto Important Protocol Integrity Threat CVE-2023-48795

mageia
Calendar Grey June 7, 2026
Dist Mageia Esm H88
A security update addressing a protocol weakness in Mageia's golang-x-crypto package. Critical integrity issue resolved.
Security update

Summary

Description: fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features.

References

- https://bugs.mageia.org/show_bug.cgi?id=32674

- https://www.openwall.com/lists/oss-security/2023/12/18/3

- https://www.openwall.com/lists/oss-security/2023/12/19/5

- https://www.openwall.com/lists/oss-security/2023/12/20/3

- https://www.cve.org/CVERecord?id=CVE-2023-48795

Resolution

SRPMS

- 9/core/golang-x-crypto-0.45.0-1.mga9

- 9/core/golang-x-sys-0.30.0-2.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 07 Jun 2026 
URL: https://advisories.mageia.org/MGASA-2026-0179.html
Type: security
CVE: CVE-2023-48795

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here