Nom du paquet
mosh
Date
2013-04-10
Advisory ID
MDVSA-2013:104
Affected versions
MBS1 x86_64

Problem description

Updated mosh package fixes security vulnerability:

Mosh versions 1.2 and earlier allow an application to cause the
mosh-server to consume large amounts of CPU time with a short ANSI
escape sequence. In addition, a malicious mosh-server can cause the
mosh-client to consume large amounts of CPU time with a short ANSI
escape sequence. This arises because there was no limit on the value
of the repeat parameter in some ANSI escape sequences, so even large
and nonsensical values would be interpreted by Mosh's terminal emulator
(CVE-2012-2385).

Updated packages

MBS1 x86_64

 8dbc4e336eabdac0478ca8d9a6d9f407  mbs1/x86_64/mosh-1.1.3-2.1.mbs1.x86_64.rpm 
 2e83953c0a0358c7922e80eef8fe5b3c  mbs1/SRPMS/mosh-1.1.3-2.1.mbs1.src.rpm

References