| |||||||||||||||||||
Mageia alert MGASA-2012-0160 (sympa)
MGASA-2012-0160 Date: July 11th, 2012 Affected releases: 1, 2 Description: Updated sympa packages fix security vulnerability: The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions (CVE-2012-2352). Additionally, a segfault occuring with perl 5.14.2 has been fixed on Mageia 2. Updated Packages: Mageia 1: sympa-6.1.4-2.2.mga1 sympa-www-6.1.4-2.2.mga1 Mageia 2: sympa-6.1.4-2.2.mga2 sympa-www-6.1.4-2.2.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2352 https://www.sympa.org/security_advisories#security_breach... http://www.debian.org/security/2012/dsa-2477 https://bugs.mageia.org/show_bug.cgi?id=5939 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||