Updated openvas-manager packages fix security vulnerability
Publication date: 05 Jan 2015Modification date: 05 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9220
Description
Updated openvas-manager packages fixes security vulnerability: It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql injections due to a improper handling of the timezone parameter in modify_schedule OMP command. It has been identified that this vulnerability may allow read-access via sql for authorized user account which have permission to modify schedule objects (CVE-2014-9220).
References
SRPMS
4/core
- openvas-manager-4.0.6-1.mga4
- openvas-libraries-6.0.3-1.mga4