Updated smb4k packages fix security vulnerability
Publication date: 14 Jun 2017Modification date: 14 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8849
Description
Smb4k contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid (CVE-2017-8849).
References
SRPMS
5/core
- smb4k-1.2.3-1.mga5