Updated nmap packages fix security vulnerability
Publication date: 06 Apr 2018Modification date: 06 Apr 2018
Type: security
Affected Mageia releases : 6
Description
Nmap developer nnposter found a security flaw (directory traversal vulnerability) in the way the non-default http-fetch script sanitized URLs. If a user manualy ran this NSE script against a malicious web server, the server could potentially (depending on NSE arguments used) cause files to be saved outside the intended destination directory. Existing files couldn't be overwritten. We fixed http-fetch, audited our other scripts to ensure they didn't make this mistake, and updated the httpspider library API to protect against this by default.
SRPMS
6/core
- nmap-7.40-1.1.mga6