/[advisories]/9027.adv
ViewVC logotype

Contents of /9027.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 40 - (show annotations) (download)
Tue Jun 18 15:55:08 2013 UTC (6 years ago) by boklm
File size: 900 byte(s)
Remove CVE links from references

CVE links are now added automatically
1 ID: MGASA-2013-0158
2 pubtime: 1370521473
3 type: security
4 src:
5 2:
6 core:
7 - sssd-1.8.6-1.mga2
8 CVE:
9 - CVE-2013-0219
10 subject: Updated sssd packages fix security vulnerability
11 description: |
12 A TOCTOU (time-of-check time-of-use) race condition was found in the way SSSD,
13 System Security Services Daemon, performed copying and removal of (user)
14 directory trees.A local attacker, with permissions to write into directory of
15 the victim, being actively / currently copied / removed via the sssd daemon
16 facility, could use this flaw to conduct symbolic link attacks, leading to
17 their ability to alter / remove directories outside of originally intended, to
18 be modified, directory tree (CVE-2013-0219).
19 references:
20 - https://fedorahosted.org/sssd/ticket/1782
21 - http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098434.html
22 - https://bugs.mageia.org/show_bug.cgi?id=9027
23

  ViewVC Help
Powered by ViewVC 1.1.26