Mageia 9 golang-x-crypto Important Protocol Integrity Threat CVE-2023-48795

mageia

June 7, 2026

Security update

Summary

Description: fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features.

References

- https://bugs.mageia.org/show_bug.cgi?id=32674

- https://www.openwall.com/lists/oss-security/2023/12/18/3

- https://www.openwall.com/lists/oss-security/2023/12/19/5

- https://www.openwall.com/lists/oss-security/2023/12/20/3

- https://www.cve.org/CVERecord?id=CVE-2023-48795

Topics Covered

security advisory important man-in-the-middle protocol integrity Mageia

Resolution

Warning: Undefined array key "block" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/70453_e054056aed0948774f0d9dcb331a22bc on line 17

Warning: Undefined array key "block" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/70453_e054056aed0948774f0d9dcb331a22bc on line 21

Warning: foreach() argument must be of type array|object, null given in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/70453_e054056aed0948774f0d9dcb331a22bc on line 21

SRPMS

- 9/core/golang-x-crypto-0.45.0-1.mga9

- 9/core/golang-x-sys-0.30.0-2.mga9

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 07 Jun 2026

URL: https://advisories.mageia.org/MGASA-2026-0179.html

Type: security

CVE: CVE-2023-48795

Topics Covered

security advisory important man-in-the-middle protocol integrity Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9 golang-x-crypto Important Protocol Integrity Threat CVE-2023-48795

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia 9 golang-x-crypto Important Protocol Integrity Threat CVE-2023-48795

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!