|
|
Subscribe / Log in / New account

Mageia alert MGASA-2021-0515 (arpwatch)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2021-0515: Updated arpwatch packages fix security vulnerability


Date:
              Sat, 20 Nov 2021 20:32:02 +0100


Message-ID:
              <20211120193202.4128A9F640@duvel.mageia.org>


Archive-link:
              Article


MGASA-2021-0515 - Updated arpwatch packages fix security vulnerability

Publication date: 20 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0515.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-25321

Description:
A symbolic link (Symlink) following vulnerability in arpwatch allows local
attackers with control of the runtime user to run arpwatch and to escalate
to root upon the next restart of arpwatch. (CVE-2021-25321)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29188
- https://lists.suse.com/pipermail/sle-security-updates/202...
-
https://lists.opensuse.org/archives/list/security-announc...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2...

SRPMS:
- 8/core/arpwatch-2.1a15-21.2.mga8
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds