Advisories » MGASA-2016-0057

Updated radicale packages fix CVE-2015-8748

Publication date: 09 Feb 2016
Modification date: 09 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8748

Description

Updated radicale package fixes security vulnerabilities:

If an attacker is able to authenticate with a user name like `.*', he can
bypass read/write limitations imposed by regex-based rules, including the
built-in rules `owner_write' (read for everybody, write for the calendar
owner) and `owner_only' (read and write for the the calendar owner)
(CVE-2015-8748).

The radicale package has been updated to version 1.1.1, fixing this issue and
several other security issues.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17452
• http://radicale.org/news/
• https://www.debian.org/security/2016/dsa-3462
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8748

SRPMS

5/core

• radicale-1.1.1-1.1.mga5