Advisories » MGASA-2014-0271

Updated smb4k packages fix CVE-2014-2581

Publication date: 20 Jun 2014
Modification date: 20 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2581

Description

Updated smb4k packages fix security vulnerability:

Smb4k before 1.1.1 allows the cruid CIFS mount option to be specified
by the user (CVE-2014-2581).

The smb4k package has been updated to version 1.1.2, which fixes this
issue and also contains several other bug fixes and additions.
                

References

• http://sourceforge.net/projects/smb4k/files/1.1.0/
• http://sourceforge.net/projects/smb4k/files/1.1.1/
• http://sourceforge.net/projects/smb4k/files/1.1.2/
• https://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html
• https://bugs.mageia.org/show_bug.cgi?id=13478
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2581

SRPMS

4/core

• smb4k-1.1.2-1.mga4

3/core

• smb4k-1.1.2-1.mga3