Arch Linux: ASA-201902-18 High: Hiawatha Directory Traversal
Feb 18, 2019
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package hiawatha before version 10.8.4-1 is vulnerable to directory traversal.
Arch Linux Security Advisory ASA-201902-18 ========================================= Severity: High Date : 2019-02-16 CVE-ID : CVE-2019-8358 Package : hiawatha Type : directory traversal Remote : Yes Link : https://security.archlinux.org/AVG-900 Summary ====== The package hiawatha before version 10.8.4-1 is vulnerable to directory traversal. Resolution ========= Upgrade to 10.8.4-1. # pacman -Syu "hiawatha>=10.8.4-1" The problem has been fixed upstream in version 10.8.4. Workaround ========= None. Description ========== In Hiawatha before 10.8.4 a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Impact ===== A remote attacker is able to read arbitrary files from a hiawatha server. References ========= https://security.archlinux.org/CVE-2019-8358
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!