Updated tntnet packages fix security vulnerability
Publication date: 16 Feb 2014Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7299
Description
A flaw in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests (CVE-2013-7299).
References
SRPMS
3/core
- tntnet-2.1-2.1.mga3
4/core
- tntnet-2.2-2.1.mga4