MGASA-2021-0014

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0014.html

Import Source

https://advisories.mageia.org/MGASA-2021-0014.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0014

Related

CVE-2020-14929

Published

2021-01-10T19:46:12Z

Modified

2021-01-10T18:57:05Z

Summary

Updated alpine and c-client packages fix security vulnerability

Details

Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do (CVE-2020-14929).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / alpine

Package

Name: alpine
Purl: pkg:rpm/mageia/alpine?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11-5.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / c-client

Package

Name: c-client
Purl: pkg:rpm/mageia/c-client?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2007f-13.1.mga7

Ecosystem specific

{
    "section": "core"
}