Updated nmap packages fix security vulnerability
Publication date: 06 Apr 2018Modification date: 06 Apr 2018
Type: security
Affected Mageia releases : 6
Description
Nmap developer nnposter found a security flaw (directory traversal
vulnerability) in the way the non-default http-fetch script sanitized
URLs. If a user manualy ran this NSE script against a malicious web
server, the server could potentially (depending on NSE arguments used)
cause files to be saved outside the intended destination directory.
Existing files couldn't be overwritten. We fixed http-fetch, audited
our other scripts to ensure they didn't make this mistake, and updated
the httpspider library API to protect against this by default.
SRPMS
6/core
- nmap-7.40-1.1.mga6