Advisories ยป MGASA-2014-0274

Updated ctdb package fixes CVE-2013-4159

Publication date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4159

Description

Updated ctdb packages fix security vulnerability:

ctdb before 2.5 is vulnerable to symlink attacks to due the use of
predictable filenames in /tmp, such as /tmp/ctdb.socket
(CVE-2013-4159).
                

References

SRPMS

4/core

3/core