From Mageia wiki

MGASA-2012-0160

Date: July 11th, 2012
Affected releases: 1, 2


Description:
Updated sympa packages fix security vulnerability:

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in
in Sympa before 6.1.11 does not check permissions, which allows remote
attackers to list, read, and delete arbitrary list archives via
vectors related to the (1) do_arc_manage, (2) do_arc_download, or
(3) do_arc_delete functions (CVE-2012-2352).

Additionally, a segfault occurring with perl 5.14.2 has been fixed on
Mageia 2.


Updated Packages:
Mageia 1:
sympa-6.1.4-2.2.mga1
sympa-www-6.1.4-2.2.mga1

Mageia 2:
sympa-6.1.4-2.2.mga2
sympa-www-6.1.4-2.2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2352
https://www.sympa.org/security_advisories#security_breaches_in_archives_management
http://www.debian.org/security/2012/dsa-2477
https://bugs.mageia.org/show_bug.cgi?id=5939