Advisories » MGASA-2014-0277

Updated iodine packages fix CVE-2014-4168

Publication date: 27 Jun 2014
Modification date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4168

Description

Updated iodine packages fix security vulnerability:

Oscar Reparaz discovered an authentication bypass vulnerability in iodine,
a tool for tunneling IPv4 data through a DNS server. A remote attacker
could provoke a server to accept the rest of the setup or also network
traffic by exploiting this flaw (CVE-2014-4168).
                

References

• https://www.debian.org/security/2014/dsa-2964
• https://bugs.mageia.org/show_bug.cgi?id=13581
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4168

SRPMS

4/core

• iodine-0.6.0-0.rc1.4.mga4

3/core

• iodine-0.6.0-0.rc1.3.mga3