MGASA-2017-0165 Updated dropbear packages fix security vulnerability
A double-free in the server could be triggered by an authenticated user if dropbear is running with -a CVE-2017-9078. The default Mageia configuration does not set -a, so is not vulnerable Dropbear parsed authorizedkeys as root, even if it were a symlink. The fix is to switch to user permissions...