MDVSA-2012:114
- Nom du paquet
- apache-mod_auth_openid
- Date
- 2012-07-26
- Advisory ID
- MDVSA-2012:114
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been discovered and corrected in
apache-mod_auth_openid:
mod_auth_openid before 0.7 for Apache uses world-readable permissions
for /tmp/mod_auth_openid.db, which allows local users to obtain
session ids (CVE-2012-2760).
The updated packages have been upgraded to the latest version (0.7)
which is not affected by this issue.
Updated packages
MES5 i586
848ec6ec7cbf005e519e3a6bf4d8bff2 mes5/i586/apache-mod_auth_openid-0.7-0.1mdvmes5.2.i586.rpm 0e38c57c1499be9ec13c68ff8a9a5917 mes5/SRPMS/apache-mod_auth_openid-0.7-0.1mdvmes5.2.src.rpm
MES5 x86_64
827c761f2b45a40cc8837821da9a6ff6 mes5/x86_64/apache-mod_auth_openid-0.7-0.1mdvmes5.2.x86_64.rpm 0e38c57c1499be9ec13c68ff8a9a5917 mes5/SRPMS/apache-mod_auth_openid-0.7-0.1mdvmes5.2.src.rpm