Lucene search

Gentoo FoundationMGASA-2014-0342

HistoryAug 21, 2014 - 1:36 p.m.

Updated catfish package fixes CVE-2014-2096

2014-08-2113:36:13

Gentoo Foundation

advisories.mageia.org

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Updated catfish package fixes security vulnerabilities: Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse bin/catfish.py in the current working directory (CVE-2014-2096). Additionally, the update adds a missing requirement for the gnome-icon-theme-symbolic package.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchcatfish< 0.8.2-2.1catfish-0.8.2-2.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	catfish	< 0.8.2-2.1	catfish-0.8.2-2.1.mga4

References

bugs.mageia.org/show_bug.cgi?id=13908

lists.fedoraproject.org/pipermail/package-announce/2014-March/130347.html

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for MGASA-2014-0342