Mageia 2021-0515: arpwatch security update
Summary
A symbolic link (Symlink) following vulnerability in arpwatch allows local
attackers with control of the runtime user to run arpwatch and to escalate
to root upon the next restart of arpwatch. (CVE-2021-25321)
References
- https://bugs.mageia.org/show_bug.cgi?id=29188
- https://lists.suse.com/pipermail/sle-security-updates/2021-June/009098.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y7SKTH3533HITV3EN436RULMJP2HHQND/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25321
Resolution
MGASA-2021-0515 - Updated arpwatch packages fix security vulnerability
SRPMS
- 8/core/arpwatch-2.1a15-21.2.mga8