Advisories » MGASA-2014-0461

Updated hawtjni packages fix security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2035

Description

The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed (CVE-2013-2035).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12934
• https://rhn.redhat.com/errata/RHSA-2014-0245.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2035

SRPMS

3/core

• hawtjni-1.9-1.mga3