Advisories » MGASA-2014-0390

Updated perl-XML-DT package fix CVE-2014-5260

Publication date: 26 Sep 2014
Modification date: 26 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5260

Description

Updated perl-XML-DT package fixes security vulnerability:

The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users
to overwrite arbitrary files via a symlink attack on a /tmp/_xml_#####
temporary file (CVE-2014-5260).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13931
• http://openwall.com/lists/oss-security/2014/08/15/8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5260

SRPMS

3/core

• perl-XML-DT-0.660.0-1.mga3

4/core

• perl-XML-DT-0.660.0-1.mga4