Advisories ยป MGASA-2014-0461

Updated hawtjni packages fix security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2035

Description

The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed (CVE-2013-2035).
                

References

SRPMS

3/core