MGASA-2018-0006

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2016-10012 CVE-2017-15906

Published: 01 Jan 2018, 10:38

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Jan 2018, 10:38

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated openssh packages fix security vulnerability It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process (CVE-2016-10012). The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files (CVE-2017-15906).

Affected Systems

mageia•openssh
< 6.6p1-5.10.mga5

MGASA-2018-0006

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)