{"id":"MGASA-2018-0006","summary":"Updated openssh packages fix security vulnerability","details":"It was found that the boundary checks in the code implementing support for\npre-authentication compression could have been optimized out by certain\ncompilers. An attacker able to compromise the privilege-separated process\ncould possibly use this flaw for further attacks against the privileged\nmonitor process (CVE-2016-10012).\n\nThe process_open function in sftp-server.c in OpenSSH before 7.6 does not\nproperly prevent write operations in readonly mode, which allows attackers\nto create zero-length files (CVE-2017-15906).\n","modified":"2026-04-16T06:25:46.063078725Z","published":"2018-01-01T10:38:51Z","upstream":["CVE-2016-10012","CVE-2017-15906"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0006.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19987"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406293"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VZIQDU7D6MLXFXZ4R3ZG2FCH6EDR3MBD/"}],"affected":[{"package":{"name":"openssh","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssh?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6p1-5.10.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0006.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}