Updated ctdb package fixes CVE-2013-4159
Publication date: 27 Jun 2014Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4159
Description
Updated ctdb packages fix security vulnerability: ctdb before 2.5 is vulnerable to symlink attacks to due the use of predictable filenames in /tmp, such as /tmp/ctdb.socket (CVE-2013-4159).
References
SRPMS
4/core
- ctdb-1.2.46-4.1.mga4
3/core
- ctdb-1.2.46-3.1.mga3