[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0280":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":55,"epss":9,"epss_history":56,"metrics":57,"affected":58},"MGASA-2016-0280","Updated openssh packages fix security vulnerability\n\nThe do_setup_env function in session.c in sshd in OpenSSH through 7.2p2,\nwhen the UseLogin feature is enabled and PAM is configured to read\n.pam_environment files in user home directories, allows local users to\ngain privileges by triggering a crafted environment for the /bin/login\nprogram, as demonstrated by an LD_PRELOAD environment variable\n(CVE-2015-8325).\n\nWhen SSHD tries to authenticate a non-existing user, it will pick up a\nfake password structure hard-coded in the SSHD source code. An attacker\ncan measure timing information to determine if a user exists when\nverifying a password (CVE-2016-6210).\n\nThe auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3\ndoes not limit password lengths for password authentication, which allows\nremote attackers to cause a denial of service (crypt CPU consumption) via\na long string (CVE-2016-6515).\n\nNote that CVE-2015-8325 and CVE-2016-6210 wouldn't affect most Mageia\nsystems, as UseLogin is not enabled by default and Mageia uses Blowfish\npassword hashes by default.\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2015-8325",{"_key":17},"CVE-2016-6210",{"_key":19},"CVE-2016-6515",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2016-08-31T15:32:33Z","2026-04-16T06:25:38.466293777Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,47,51],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2016-0280.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=18222",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://www.debian.org/security/2016/dsa-3550",[34],[41,46],"WEB",{"url":48,"sources":49,"tags":50},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6210",[34],[41,36],{"url":52,"sources":53,"tags":54},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/",[34],[41,46],[],[],[],[59],{"ecosystem":60,"name":61,"vendor":62,"product":61,"cpe_part":9,"purl_type":63,"purl_namespace":62,"purl_name":61,"source":9,"versions":64},"Mageia","openssh","mageia","rpm",[65],{"version":66,"is_range":67,"range_type":68,"version_start":9,"version_start_type":9,"version_end":69,"version_end_type":70,"fixed_in":9},"lt6_6p1_5_9_mga5",true,"ecosystem","6.6p1-5.9.mga5","excluding"]