Advisories » MGASA-2014-0025

Updated perl-Proc-Daemon package fixes CVE-2013-7135

Publication date: 24 Jan 2014
Modification date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7135

Description

Updated perl-Proc-Daemon package fixes security vulnerability:

It was reported that perl-Proc-Daemon, when instructed to write a pid file,
does that with a umask set to 0, so the pid file ends up with mode 666,
allowing any user on the system to overwrite it (CVE-2013-7135).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125133.html
• https://bugs.mageia.org/show_bug.cgi?id=12157
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7135

SRPMS

3/core

• perl-Proc-Daemon-0.140.0-2.1.mga3