User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0080 (denyhosts)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0080: Updated denyhosts package fixes security vulnerability
Date:  Mon, 17 Feb 2014 01:22:39 +0100
Message-ID:  <20140217002239.CA01A5C6D1@valstar.mageia.org>

MGASA-2014-0080 - Updated denyhosts package fixes security vulnerability Publication date: 17 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0080.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-6890 Description: Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses (CVE-2013-6890). This update also includes a fix for a regression introduced when fixing CVE-2013-6890. References: - https://bugs.mageia.org/show_bug.cgi?id=12092 - http://www.debian.org/security/2013/dsa-2826 - https://lists.debian.org/debian-security-announce/2014/ms... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6890 SRPMS: - 3/core/denyhosts-2.6-4.4.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds