Advisories » MGASA-2015-0333

Updated audit packages fix security vulnerability

Publication date: 30 Aug 2015
Modification date: 30 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5186

Description

When auditing the filesystem the names of files are logged. These filenames
can contain escape sequences, when viewed using the ausearch programs "-i"
option for example this can result in the escape sequences being processed
unsafely by the terminal program being used to view the data (CVE-2015-5186).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16584
• http://openwall.com/lists/oss-security/2015/08/13/9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186

SRPMS

4/core

• audit-2.3.2-2.5.mga4

5/core

• audit-2.4.4-1.mga5