Advisories ยป MGASA-2014-0277

Updated iodine packages fix CVE-2014-4168

Publication date: 27 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4168

Description

Updated iodine packages fix security vulnerability:

Oscar Reparaz discovered an authentication bypass vulnerability in iodine,
a tool for tunneling IPv4 data through a DNS server. A remote attacker
could provoke a server to accept the rest of the setup or also network
traffic by exploiting this flaw (CVE-2014-4168).
                

References

SRPMS

3/core

4/core