MGASA-2021-0515 - Updated arpwatch packages fix security vulnerability

Publication date: 20 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0515.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-25321

A symbolic link (Symlink) following vulnerability in arpwatch allows local
attackers with control of the runtime user to run arpwatch and to escalate
to root upon the next restart of arpwatch. (CVE-2021-25321)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29188
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009098.html
- https://lists.opensuse.org/archives/list/[email protected]/thread/Y7SKTH3533HITV3EN436RULMJP2HHQND/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25321

SRPMS:
- 8/core/arpwatch-2.1a15-21.2.mga8