Advisories » MGASA-2024-0100

Updated aide & mhash packages fix security vulnerability

Publication date: 31 Mar 2024
Modification date: 31 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2021-45417

Description

AIDE before 0.17.4 allows local users to obtain root privileges via
crafted file metadata (such as XFS extended attributes or tmpfs ACLs),
because of a heap-based buffer overflow. (CVE-2021-45417)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29911
• https://www.openwall.com/lists/oss-security/2022/01/20/3
• https://ubuntu.com/security/notices/USN-5243-1
• https://www.debian.org/security/2022/dsa-5051
• https://access.redhat.com/errata/RHSA-2022:0441
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417

SRPMS

9/core

• aide-0.18.6-1.mga9
• mhash-0.9.9.9-16.1.mga9