From Mageia wiki

MGASA-2012-0321

Date: November 6th, 2012
Affected releases: 1, 2


Description:
Updated bacula packages fix security vulnerabilities:

Some of the mtx-changer example autochangers in bacula before 5.2.1 could
allow local users to overwrite any local file via a symlink attack, due
to insecure temp file naming (CVE-2008-5373).
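
The temp-file weakness described above, shown as an added example (not code from Bacula or Mageia): a PID-based name written with a plain redirect, beside an `mktemp`-based replacement. The `mtx.<pid>` file name, the function names and the sandbox scenario are illustrative assumptions.

```shell
#!/bin/sh
# Added example: not Bacula or Mageia code. The file name "mtx.<pid>" is an
# illustrative stand-in for a predictable temp name.

# Weak pattern: the name is derived from the PID, so it can be guessed in
# advance, and ">" follows a symlink that already sits at that path.
write_predictable() {   # $1=dir  $2=pid  $3=data
    tmp="$1/mtx.$2"
    printf '%s\n' "$3" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so it never opens a pre-existing path.
write_private() {       # $1=dir  $2=data
    tmp=$(mktemp "$1/mtx.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario inside a throwaway directory: a symlink already exists
# at the predictable name and points at a file that must not change.
# Prints "<content after weak write>:<content after hardened write>".
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/mtx.4242"

    write_predictable "$box" 4242 "status data" >/dev/null
    after_weak=$(cat "$box/protected")

    printf 'original\n' > "$box/protected"
    write_private "$box" "status data" >/dev/null
    after_safe=$(cat "$box/protected")

    rm -rf "$box"
    printf '%s:%s\n' "$after_weak" "$after_safe"
}

demo
```

When auditing local changer scripts, the first pattern is the one to look for: any path under a shared temp directory built from `$$` or a fixed name.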

An information leak flaw was found in the way Bacula before 5.2.11 enforced
access control list (ACL) rules prior to providing information about a
particular resource. A remote attacker could use this flaw to obtain
(possibly sensitive) information (CVE-2012-4430).

Additionally, two other security-related fixes from upstream have been
included. One is a fix for a possible fnmatch problem, and the other
adds rate limiting of bad connections.


Updated Packages:
Mageia 1:
bacula-bat-5.0.3-2.1.mga1
bacula-common-5.0.3-2.1.mga1
bacula-console-5.0.3-2.1.mga1
bacula-console-wx-5.0.3-2.1.mga1
bacula-dir-common-5.0.3-2.1.mga1
bacula-dir-mysql-5.0.3-2.1.mga1
bacula-dir-pgsql-5.0.3-2.1.mga1
bacula-dir-sqlite3-5.0.3-2.1.mga1
bacula-fd-5.0.3-2.1.mga1
bacula-gui-bimagemgr-5.0.3-2.1.mga1
bacula-gui-brestore-5.0.3-2.1.mga1
bacula-gui-web-5.0.3-2.1.mga1
bacula-sd-5.0.3-2.1.mga1
bacula-tray-monitor-5.0.3-2.1.mga1
lib(64)bacula-5.0.3-2.1.mga1

Mageia 2:
bacula-bat-5.0.3-3.1.mga2
bacula-common-5.0.3-3.1.mga2
bacula-console-5.0.3-3.1.mga2
bacula-console-wx-5.0.3-3.1.mga2
bacula-dir-common-5.0.3-3.1.mga2
bacula-dir-mysql-5.0.3-3.1.mga2
bacula-dir-pgsql-5.0.3-3.1.mga2
bacula-dir-sqlite3-5.0.3-3.1.mga2
bacula-fd-5.0.3-3.1.mga2
bacula-gui-bimagemgr-5.0.3-3.1.mga2
bacula-gui-brestore-5.0.3-3.1.mga2
bacula-gui-web-5.0.3-3.1.mga2
bacula-sd-5.0.3-3.1.mga2
bacula-tray-monitor-5.0.3-3.1.mga2
lib(64)bacula-5.0.3-3.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/ReleaseNotes
http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/ChangeLog
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084347.html
https://bugzilla.redhat.com/show_bug.cgi?id=857955
http://www.debian.org/security/2012/dsa-2558
https://bugs.mageia.org/show_bug.cgi?id=7470