Advisories ยป MGASA-2014-0342

Updated catfish package fixes CVE-2014-2096

Publication date: 21 Aug 2014
Modification date: 21 Aug 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-2096

Description

Updated catfish package fixes security vulnerabilities:

Untrusted search path vulnerability in Catfish allows local users to gain
privileges via a Trojan horse bin/catfish.py in the current working directory
(CVE-2014-2096).

Additionally, the update adds a missing requirement for the
gnome-icon-theme-symbolic package.
                

References

SRPMS

4/core