MGASA-2021-0561
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 19 Dec 2021, 12:26
Last modified:16 Apr 2026, 04:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
19 Dec 2021, 12:26
Published
Vulnerability first disclosed
16 Apr 2026, 04:24
Last Modified
Vulnerability information updated
Description
Updated openssh packages fix security vulnerability Updated openssh packages fix security vulnerability: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user (CVE-2021-41617).
Affected Systems
- mageia•openssh
< 8.4p1-2.2.mga8