Updated arpwatch packages fix security vulnerability
Publication date: 20 Nov 2021Modification date: 20 Nov 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-25321
Description
A symbolic link (Symlink) following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. (CVE-2021-25321)
References
- https://bugs.mageia.org/show_bug.cgi?id=29188
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009098.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y7SKTH3533HITV3EN436RULMJP2HHQND/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25321
SRPMS
8/core
- arpwatch-2.1a15-21.2.mga8