Advisories » MGASA-2024-0292

Updated apr packages fix security vulnerability

Publication date: 10 Sep 2024
Modification date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49582

Description

Lax permissions set by the Apache Portable Runtime library on Unix
platforms would allow local users read access to named shared memory
segments, potentially revealing sensitive application data.
(CVE-203-49582)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33514
• https://openwall.com/lists/oss-security/2024/08/26/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582

SRPMS

9/core

• apr-1.7.5-1.mga9