Advisories ยป MGASA-2018-0380

Updated libcgroup packages fix security vulnerability

Publication date: 21 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-14348

Description

The cgrulesengd daemon (cgred) in libcgroup through version 0.41 creates
log files (/var/log/cgred) with world readable and writable permissions
(0o666) due to a reset of the file mode creation mask (umask(0)) in the
daemon/cgrulesengd.c:cgre_start_daemon() function (CVE-2018-14348).
                

References

SRPMS

6/core