Mandriva

[ MDVSA-2014:191 ] perl-XML-DT

Leave a comment 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:191
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl-XML-DT
 Date    : September 29, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated perl-XML-DT package fixes security vulnerability:
 
 The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow
 local users to overwrite arbitrary files via a symlink attack on a
 /tmp/_xml_##### temporary file (CVE-2014-5260).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5260
 http://advisories.mageia.org/MGASA-2014-0390.html
 _______________________________________________________________________

 Updated P

Leave a Reply