Mageia alert MGASA-2016-0118 (filezilla)
From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2016-0118: Updated filezilla packages fix security vulnerability
Date: Fri, 25 Mar 2016 07:39:07 +0100
Message-ID: <20160325063907.EEFF89F640@duvel.mageia.org>

MGASA-2016-0118 - Updated filezilla packages fix security vulnerability

Publication date: 25 Mar 2016
URL: http://advisories.mageia.org/MGASA-2016-0118.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2563

Description:
Many versions of PSCP in PuTTY prior to 0.67 have a stack corruption vulnerability in their treatment of the 'sink' direction (i.e. downloading from server to client) of the old-style SCP protocol. In order for this vulnerability to be exploited, the user must connect to a malicious server and attempt to download any file (CVE-2016-2563).

FileZilla was vulnerable to this issue as it bundles a copy of PuTTY.

The filezilla package has been updated to version 3.16.1, which fixes this issue and has many other fixes and enhancements.

References:
- https://bugs.mageia.org/show_bug.cgi?id=17943
- http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlis...
- http://www.chiark.greenend.org.uk/~sgtatham/putty/changes...
- https://filezilla-project.org/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2563

SRPMS:
- 5/core/filezilla-3.16.1-1.mga5
- 5/core/libfilezilla-0.4.0.1-1.mga5
- 5/core/pugixml-1.7-1.mga5
