Nom du paquet
arpwatch
Date
2013-04-05
Advisory ID
MDVSA-2013:030
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in arpwatch:

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly
others, does not properly drop supplementary groups, which might allow
attackers to gain root privileges by leveraging other vulnerabilities
in the daemon (CVE-2012-2653).

The updated packages have been patched to correct this issue.

NOTE: This advisory was previousely given the MDVSA-2013:017 identifier
by mistake.

Updated packages

MBS1 x86_64

 d6d3c0c77705492461de769e367ec046  mbs1/x86_64/arpwatch-2.1a15-10.1.mbs1.x86_64.rpm 
 2a9f7474dcb2e4e885f10c9923bd86b9  mbs1/SRPMS/arpwatch-2.1a15-10.1.mbs1.src.rpm

References