Advisories » MGASA-2014-0341

Updated catfish package fixes CVE-2014-2093

Publication date: 21 Aug 2014
Modification date: 21 Aug 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-2093

Description

Updated catfish package fixes security vulnerability:

Untrusted search path vulnerability in Catfish allows local users to gain
privileges via a Trojan horse catfish.py in the current working directory
(CVE-2014-2093).

Additionally, the update fixes the application icon symlink and a crash when
some icons are missing from the icon theme.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13908
• https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130342.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2093

SRPMS

3/core

• catfish-0.3.2-6.1.mga3