Advisories ยป MGASA-2014-0319

Updated readline packages fix security vulnerability

Publication date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2524

Description

Steve Kemp discovered the _rl_tropen() function in readline insecurely handled
a temporary file. This could allow a local attacker to perform symbolic link
attacks (CVE-2014-2524).

Also, upstream patches have been added to fix an infinite loop in vi input
mode, and to fix an issue with slowness when pasting text.
                

References

SRPMS

4/core

3/core