|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0341 (catfish)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0341: Updated catfish package fixes CVE-2014-2093 


Date:
    	      Thu, 21 Aug 2014 11:36:32 +0200


Message-ID:
    	      <20140821093632.B2C2959406@valstar.mageia.org>


MGASA-2014-0341 - Updated catfish package fixes CVE-2014-2093

Publication date: 21 Aug 2014
URL: http://advisories.mageia.org/MGASA-2014-0341.html

Type: security
Affected Mageia releases: 3
CVE: CVE-2014-2093

Description:
Updated catfish package fixes security vulnerability:

Untrusted search path vulnerability in Catfish allows local users to gain
privileges via a Trojan horse catfish.py in the current working directory
(CVE-2014-2093).

Additionally, the update fixes the application icon symlink and a crash when
some icons are missing from the icon theme.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13908

- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2093


SRPMS:
- 3/core/catfish-0.3.2-6.1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds