Advisories » MGASA-2022-0306

Updated canna packages fix security vulnerability

Publication date: 25 Aug 2022
Modification date: 25 Aug 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-21950

Description

Move UNIX socket dir from /tmp to /run to avoid local attackers being able
to place bogus directories in its stead. (CVE-2022-21950)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30755
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6TC5ZCUI72X4R5D7ZDQYSKDW4VVCUOE/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21950

SRPMS

8/core

• canna-3.7p3-25.1.mga8