Advisories ยป MGASA-2014-0025

Updated perl-Proc-Daemon package fixes CVE-2013-7135

Publication date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7135

Description

Updated perl-Proc-Daemon package fixes security vulnerability:

It was reported that perl-Proc-Daemon, when instructed to write a pid file,
does that with a umask set to 0, so the pid file ends up with mode 666,
allowing any user on the system to overwrite it (CVE-2013-7135).
                

References

SRPMS

3/core