Mageia alert MGASA-2013-0304 (davfs2)


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0304: Updated davfs2 packages fix CVE-2013-4362 
Date:
    	       Fri, 11 Oct 2013 19:35:49 +0200
Message-ID:
    	       <20131011173549.C3FC24863B@valstar.mageia.org>

MGASA-2013-0304 - Updated davfs2 packages fix CVE-2013-4362

Publication date: 11 Oct 2013
URL: http://advisories.mageia.org/MGASA-2013-0304.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-4362

Description:
Updated davfs2 package fixes security vulnerability:

Davfs2, a filesystem client for WebDAV, calls the function system()
insecurely while is setuid root. This might allow a privilege escalation.
(CVE-2013-4362)

References:
- http://www.debian.org/security/2013/dsa-2765
- https://bugs.mageia.org/show_bug.cgi?id=11300
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4362

SRPMS:
- 3/core/davfs2-1.4.7-3.1.mga3
- 2/core/davfs2-1.4.6-1.1.mga2

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2013-0304: Updated davfs2 packages fix CVE-2013-4362
Date:		Fri, 11 Oct 2013 19:35:49 +0200
Message-ID:		<20131011173549.C3FC24863B@valstar.mageia.org>