Advisories » MGASA-2014-0342

Updated catfish package fixes CVE-2014-2096

Publication date: 21 Aug 2014
Modification date: 21 Aug 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-2096

Description

Updated catfish package fixes security vulnerabilities:

Untrusted search path vulnerability in Catfish allows local users to gain
privileges via a Trojan horse bin/catfish.py in the current working directory
(CVE-2014-2096).

Additionally, the update adds a missing requirement for the
gnome-icon-theme-symbolic package.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13908
• https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130347.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2096

SRPMS

4/core

• catfish-0.8.2-2.1.mga4