advisories/10779.adv

type: security
subject: Updated nagstamon package fixes security vulnerability
CVE:
 - CVE-2013-4114
src:
  3:
   core:
     - nagstamon-0.9.9-1.2.mga3
description: |
  A user details information exposure flaw was found in the way Nagstamon
  performed automated requests to get information about available updates.
  Remote attackers could use this flaw to obtain user credentials for servers
  monitored by the desktop status monitor due to their improper (base64
  encoding-based) encoding in the HTTP request, when the HTTP Basic
  authentication scheme was used (CVE-2013-4114).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=10779
 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4114
 - https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html
ID: MGASA-2013-0262
1	type: security
2	subject: Updated nagstamon package fixes security vulnerability
3	CVE:
4	- CVE-2013-4114
5	src:
6	3:
7	core:
8	- nagstamon-0.9.9-1.2.mga3
9	description: \|
10	A user details information exposure flaw was found in the way Nagstamon
11	performed automated requests to get information about available updates.
12	Remote attackers could use this flaw to obtain user credentials for servers
13	monitored by the desktop status monitor due to their improper (base64
14	encoding-based) encoding in the HTTP request, when the HTTP Basic
15	authentication scheme was used (CVE-2013-4114).
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=10779
18	- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4114
19	- https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html
20	ID: MGASA-2013-0262