Mageia alert MGASA-2013-0268 (libdigidoc) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0268: Updated libdigidoc packages fix CVE-2013-5648 
Date:
    	       Fri, 30 Aug 2013 19:44:19 +0200
Message-ID:
    	       <20130830174419.6E18348798@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0268 - Updated libdigidoc packages fix CVE-2013-5648

Publication date: 30 Aug 2013
URL: http://advisories.mageia.org/MGASA-2013-0268.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-5648

Description:
Updated libdigidoc packages fix security vulnerability:

Fixed one critical bug in the DDOC parsing routines. By persuading a victim to
open a specially-crafted DDOC file, a remote attacker could exploit this
vulnerability to overwrite arbitrary files on the system with the privileges
of the victim (CVE-2013-5648).

References:
- http://www.id.ee/?lang=en&id=34283#3_7_2
- https://bugs.mageia.org/show_bug.cgi?id=11100
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5648

SRPMS:
- 3/core/libdigidoc-3.6.0.0-3.1.mga3
- 2/core/libdigidoc-2.7.1.59-1.1.mga2
(Log in to post comments)