From Mageia wiki
MGASA-2012-0129
Date: | June 27th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated arpwatch package fixes security vulnerability:
Steve Grubb from Red Hat discovered that a patch for arpwatch (as
shipped at least in Red Hat and Debian distributions) in order to
make it drop root privileges would fail to do so and instead add
the root group to the list of the daemon uses (CVE-2012-2653).
Updated Packages:
Mageia 1:
arpwatch-2.1a15-8.1.mga1
Mageia 2:
arpwatch-2.1a15-9.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2653
http://www.debian.org/security/2012/dsa-2481
https://bugs.mageia.org/show_bug.cgi?id=6329