Advisories ยป MGASA-2013-0304

Updated davfs2 packages fix CVE-2013-4362

Publication date: 11 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4362

Description

Updated davfs2 package fixes security vulnerability:

Davfs2, a filesystem client for WebDAV, calls the function system()
insecurely while is setuid root. This might allow a privilege escalation.
(CVE-2013-4362)
                

References

SRPMS

2/core

3/core