Advisories » MGASA-2013-0304

Updated davfs2 packages fix CVE-2013-4362

Publication date: 11 Oct 2013
Modification date: 11 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4362

Description

Updated davfs2 package fixes security vulnerability:

Davfs2, a filesystem client for WebDAV, calls the function system()
insecurely while is setuid root. This might allow a privilege escalation.
(CVE-2013-4362)
                

References

• http://www.debian.org/security/2013/dsa-2765
• https://bugs.mageia.org/show_bug.cgi?id=11300
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4362

SRPMS

3/core

• davfs2-1.4.7-3.1.mga3

2/core

• davfs2-1.4.6-1.1.mga2