Updated aide & mhash packages fix security vulnerability
Publication date: 31 Mar 2024Modification date: 31 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2021-45417
Description
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. (CVE-2021-45417)
References
- https://bugs.mageia.org/show_bug.cgi?id=29911
- https://www.openwall.com/lists/oss-security/2022/01/20/3
- https://ubuntu.com/security/notices/USN-5243-1
- https://www.debian.org/security/2022/dsa-5051
- https://access.redhat.com/errata/RHSA-2022:0441
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417
SRPMS
9/core
- aide-0.18.6-1.mga9
- mhash-0.9.9.9-16.1.mga9