{"id":"MGASA-2021-0561","summary":"Updated openssh packages fix security vulnerability","details":"Updated openssh packages fix security vulnerability:\n\nsshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default\nconfigurations are used, allows privilege escalation because supplemental\ngroups are not initialized as expected. Helper programs for\nAuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with\nprivileges associated with group memberships of the sshd process, if the\nconfiguration specifies running the command as a different user\n(CVE-2021-41617).\n","modified":"2026-02-04T03:04:00.726677Z","published":"2021-12-19T12:26:08Z","related":["CVE-2021-41617"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0561.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29517"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2021/09/26/1"}],"affected":[{"package":{"name":"openssh","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openssh?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.4p1-2.2.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0561.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}