Package name
davfs2
Date
2013-09-30
Advisory ID
MDVSA-2013:244
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in davfs2:

Davfs2, a filesystem client for WebDAV, calls the function system()
insecurely while is setuid root. This might allow a privilege
escalation (CVE-2013-4362).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 f0853a536a00aa39b994df01dade61c5  mes5/i586/davfs2-1.3.3-1.1mdvmes5.2.i586.rpm 
 0b7bf41ff10ccfed01f0cd050cd1eb36  mes5/SRPMS/davfs2-1.3.3-1.1mdvmes5.2.src.rpm

MBS1 x86_64

 cf2712a4255fe5b908fc516ac392ee08  mbs1/x86_64/davfs2-1.4.6-2.1.mbs1.x86_64.rpm 
 1870bfd952eeb78a7ed655c87e7b1b2e  mbs1/SRPMS/davfs2-1.4.6-2.1.mbs1.src.rpm

MES5 x86_64

 aad5a3a3e974b458b3088a34c15daffb  mes5/x86_64/davfs2-1.3.3-1.1mdvmes5.2.x86_64.rpm 
 0b7bf41ff10ccfed01f0cd050cd1eb36  mes5/SRPMS/davfs2-1.3.3-1.1mdvmes5.2.src.rpm

References