{"id":"MGASA-2017-0165","summary":"Updated dropbear packages fix security vulnerability","details":"A double-free in the server could be triggered by an authenticated user if\ndropbear is running with -a (CVE-2017-9078). The default Mageia\nconfiguration does not set -a, so is not vulnerable\n\nDropbear parsed authorized_keys as root, even if it were a symlink. The\nfix is to switch to user permissions when opening authorized_keys\n(CVE-2017-9079)\n","modified":"2026-04-16T01:49:13.408087968Z","published":"2017-06-10T07:01:18Z","upstream":["CVE-2017-9078","CVE-2017-9079"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0165.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20901"},{"type":"WEB","url":"https://matt.ucc.asn.au/dropbear/CHANGES"}],"affected":[{"package":{"name":"dropbear","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/dropbear?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.66-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0165.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}