Debian Security Advisory

DLA-28-1 augeas -- LTS security update

Date Reported:
01 Aug 2014
Affected Packages:
augeas
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 731111, Bug 731132.
In Mitre's CVE dictionary: CVE-2012-0786, CVE-2012-0787, CVE-2013-6412.
More information:

Multiple race conditions were discovered in the way augeas saves configuration files, exposing it to symlink attacks. To exploit them, an attacker needs write access to the directory where the configuration file is located.

For Debian 6 Squeeze, these issues have been fixed in augeas version 0.7.2-1+deb6u1.