LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Mageia alert MGASA-2012-0182 (mosh)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2012-0182: mosh-1.1.3-1.1.mga2 (2/core) 


Date:
    	      Sun, 29 Jul 2012 22:18:40 +0200


Message-ID:
    	      <20120729201840.GA29125@valstar.mageia.org>


Archive-link:
    	      Article, Thread
              


MGASA-2012-0182
Date: 	July 29th, 2012
Affected releases: 	2


Description:
Updated mosh package fixes security vulnerability:

Mosh versions 1.2 and earlier allow an application to cause the
mosh-server to consume large amounts of CPU time with a short ANSI
escape sequence. In addition, a malicious mosh-server can cause the
mosh-client to consume large amounts of CPU time with a short ANSI
escape sequence. This arises because there was no limit on the value
of the "repeat" parameter in some ANSI escape sequences, so even
large and nonsensical values would be interpreted by Mosh's terminal
emulator (CVE-2012-2385).


Updated Packages:
mosh-1.1.3-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2385
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=6594
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds