Mageia alert MGASA-2012-0160 (sympa)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0160: sympa-6.1.4-2.2.mga (1, 2/core) 
Date:
    	       Wed, 11 Jul 2012 23:01:39 +0200
Message-ID:
    	       <20120711210139.GA3090@valstar.mageia.org>

MGASA-2012-0160
Date: 	July 11th, 2012
Affected releases: 	1, 2

Description:
Updated sympa packages fix security vulnerability:

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in
in Sympa before 6.1.11 does not check permissions, which allows remote
attackers to list, read, and delete arbitrary list archives via
vectors related to the (1) do_arc_manage, (2) do_arc_download, or
(3) do_arc_delete functions (CVE-2012-2352).

Additionally, a segfault occuring with perl 5.14.2 has been fixed on
Mageia 2.

Updated Packages:
Mageia 1:
sympa-6.1.4-2.2.mga1
sympa-www-6.1.4-2.2.mga1

Mageia 2:
sympa-6.1.4-2.2.mga2
sympa-www-6.1.4-2.2.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2352

https://www.sympa.org/security_advisories#security_breach...
http://www.debian.org/security/2012/dsa-2477

https://bugs.mageia.org/show_bug.cgi?id=5939

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2012-0160: sympa-6.1.4-2.2.mga (1, 2/core)
Date:		Wed, 11 Jul 2012 23:01:39 +0200
Message-ID:		<20120711210139.GA3090@valstar.mageia.org>