MGASA-2014-0058

Source
https://advisories.mageia.org/MGASA-2014-0058.html
Import Source
https://advisories.mageia.org/MGASA-2014-0058.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0058
Published
2014-02-12T17:10:49Z
Modified
2014-02-12T17:10:39Z
Summary
Updated augeas package fixes security vulnerabilities
Details

Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack (CVE-2012-0786, CVE-2012-0787).

A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world-writable, allowing unprivileged local users to modify their content (CVE-2013-6412).


Affected packages

Mageia:3 / augeas

Package

Name
augeas
Purl
pkg:rpm/mageia/augeas?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.0-1.1.mga3

Ecosystem specific

{
    "section": "core"
}