Advisories » MGASA-2014-0319

Updated readline packages fix security vulnerability

Publication date: 06 Aug 2014
Modification date: 06 Aug 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-2524

Description

Steve Kemp discovered the _rl_tropen() function in readline insecurely handled
a temporary file. This could allow a local attacker to perform symbolic link
attacks (CVE-2014-2524).

Also, upstream patches have been added to fix an infinite loop in vi input
mode, and to fix an issue with slowness when pasting text.
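The temporary-file weakness class described above, shown as an added example in C. It is not readline's code or the upstream patch; the function names and the `trace.1234` file name are hypothetical. It contrasts an opener that follows a symlink at a predictable name with one that refuses it, checked against constructed files in a private scratch directory.

```c
#define _POSIX_C_SOURCE 200809L /* for O_NOFOLLOW, mkdtemp, symlink */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: predictable name + fopen("w") follows any symlink already
   sitting at that name and truncates whatever it points to. */
FILE *trace_open_weak(const char *path) { return fopen(path, "w"); }

/* Hardened: O_EXCL fails if the name exists (file or symlink), O_NOFOLLOW
   refuses a symlink in the last component, 0600 keeps the file owner-only. */
FILE *trace_open_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Constructed check in a private scratch dir: a file stands in for data the
   caller can write, and a symlink occupies the predictable trace name.
   Returns bytes left in the target after the chosen opener runs, or -1. */
long target_size_after_open(int use_safe)
{
    char dir[] = "/tmp/tracechk.XXXXXX", target[64], link[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/trace.1234", dir);
    FILE *t = fopen(target, "w");
    if (!t) return -1;
    fputs("important", t);
    fclose(t);
    if (symlink(target, link) != 0) return -1;
    FILE *fp = use_safe ? trace_open_safe(link) : trace_open_weak(link);
    if (fp) fclose(fp);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(link); unlink(target); rmdir(dir);
    return size;
}

int main(void)
{
    printf("bytes left in target: weak=%ld safe=%ld\n",
           target_size_after_open(0), target_size_after_open(1));
    return 0;
}
```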
                

References

SRPMS

4/core

3/core