Parent Directory | Revision Log
MGASA-2013-0262: nagstamon-0.9.9-1.2.mga3
1 | type: security |
2 | subject: Updated nagstamon package fixes security vulnerability |
3 | CVE: |
4 | - CVE-2013-4114 |
5 | src: |
6 | 3: |
7 | core: |
8 | - nagstamon-0.9.9-1.2.mga3 |
9 | description: | |
10 | A user details information exposure flaw was found in the way Nagstamon |
11 | performed automated requests to get information about available updates. |
12 | Remote attackers could use this flaw to obtain user credentials for servers |
13 | monitored by the desktop status monitor due to their improper (base64 |
14 | encoding-based) encoding in the HTTP request, when the HTTP Basic |
15 | authentication scheme was used (CVE-2013-4114). |
16 | references: |
17 | - https://bugs.mageia.org/show_bug.cgi?id=10779 |
18 | - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4114 |
19 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111698.html |
20 | ID: MGASA-2013-0262 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |