MDVSA-2008:076

Package name

wml

Date

2008-03-26

Advisory ID

MDVSA-2008:076

Affected versions

2008.0 x86_64 , 2008.0 i586 , 2007.1 i586 , 2007.1 x86_64

Problem description

Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.

The updated packages have been patched to correct these issues.

Updated packages

2008.0 x86_64

 1e57a84169d7168bae4aff8bdc38f02e  2008.0/x86_64/wml-2.0.11-1.1mdv2008.0.x86_64.rpm 
 c34710838783e2d725ecf5fc99d24091  2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm

2008.0 i586

 e25d594701c56bd51c8e648ebeac206b  2008.0/i586/wml-2.0.11-1.1mdv2008.0.i586.rpm 
 c34710838783e2d725ecf5fc99d24091  2008.0/SRPMS/wml-2.0.11-1.1mdv2008.0.src.rpm

2007.1 i586

 5236531d6397a276dbbdc13b118605db  2007.1/i586/wml-2.0.11-1.1mdv2007.1.i586.rpm 
 aa1c8ddcebacd87ab711f45b29297aff  2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm

2007.1 x86_64

 b6cca9238f4c53141f18fa72302fe8fe  2007.1/x86_64/wml-2.0.11-1.1mdv2007.1.x86_64.rpm 
 aa1c8ddcebacd87ab711f45b29297aff  2007.1/SRPMS/wml-2.0.11-1.1mdv2007.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0665
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0666