Advisories » MGASA-2013-0268

Updated libdigidoc packages fix CVE-2013-5648

Publication date: 30 Aug 2013
Modification date: 30 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-5648

Description

Updated libdigidoc packages fix security vulnerability:

Fixed one critical bug in the DDOC parsing routines. By persuading a victim to
open a specially-crafted DDOC file, a remote attacker could exploit this
vulnerability to overwrite arbitrary files on the system with the privileges
of the victim (CVE-2013-5648).
                

References

• http://www.id.ee/?lang=en&id=34283#3_7_2
• https://bugs.mageia.org/show_bug.cgi?id=11100
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5648

SRPMS

3/core

• libdigidoc-3.6.0.0-3.1.mga3

2/core

• libdigidoc-2.7.1.59-1.1.mga2