|From:||Mageia Updates <firstname.lastname@example.org>|
|Subject:||[updates-announce] MGASA-2014-0080: Updated denyhosts package fixes security vulnerability|
|Date:||Mon, 17 Feb 2014 01:22:39 +0100|
MGASA-2014-0080 - Updated denyhosts package fixes security vulnerability Publication date: 17 Feb 2014 URL: http://advisories.mageia.org/MGASA-2014-0080.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-6890 Description: Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses (CVE-2013-6890). This update also includes a fix for a regression introduced when fixing CVE-2013-6890. References: - https://bugs.mageia.org/show_bug.cgi?id=12092 - http://www.debian.org/security/2013/dsa-2826 - https://lists.debian.org/debian-security-announce/2014/ms... - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6890 SRPMS: - 3/core/denyhosts-2.6-4.4.mga3
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds