{"id":"MGASA-2014-0080","summary":"Updated denyhosts package fixes security vulnerability","details":"Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force\nattacks, could be used to perform remote denial of service against the SSH\ndaemon. Incorrectly specified regular expressions used to detect brute\nforce attacks in authentication logs could be exploited by a malicious\nuser to forge crafted login names in order to make denyhosts ban arbitrary\nIP addresses (CVE-2013-6890).\n\nThis update also includes a fix for a regression introduced when fixing\nCVE-2013-6890.\n","modified":"2026-04-16T06:25:35.994198099Z","published":"2014-02-17T00:22:31Z","upstream":["CVE-2013-6890"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0080.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12092"},{"type":"WEB","url":"http://www.debian.org/security/2013/dsa-2826"},{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2014/msg00018.html"}],"affected":[{"package":{"name":"denyhosts","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/denyhosts?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6-4.4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0080.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}