| |||||||||||||||||||
Mageia alert MGASA-2012-0209 (gypsy)
MGASA-2012-0209 Date: August 12th, 2012 Affected releases: 1, 2 Description: Updated gypsy packages fix security vulnerabilities: Regular users can request that arbitrary files be opened for reading. In the best case, this is a denial of service. Worst-case, this could lead to information disclosure or privilege escalation (CVE-2011-0523). Unchecked buffer overflows as well in gps_channel_garmin_input() via nmeabuf and nmea_gpgsv(), which could be used in an attack (CVE-2011-0524). Note: a new config file, /etc/gypsy.conf, has been added that specifies a whitelist of globs. By default, they are "/dev/tty*", "/dev/pgps", and "bluetooth" (which matches Bluetooth addresses) Updated Packages: Mageia 1: gypsy-0.8-2.1.mga1 gypsy-devel-0.8-2.1.mga1 gypsy-docs-0.8-2.1.mga1 lib(64)gypsy0-0.8-2.1.mga1 Mageia 2: gypsy-0.8-2.1.mga2 gypsy-devel-0.8-2.1.mga2 gypsy-docs-0.8-2.1.mga2 lib(64)gypsy0-0.8-2.1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0524 https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323 http://lists.opensuse.org/opensuse-updates/2012-07/msg000... https://bugs.mageia.org/show_bug.cgi?id=6808 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||