{"id":"MGASA-2014-0058","summary":"Updated augeas package fixes security vulnerabilities","details":"Multiple flaws were found in the way Augeas handled configuration files\nwhen updating them. An application using Augeas to update configuration\nfiles in a directory that is writable to by a different user (for example,\nan application running as root that is updating files in a directory owned\nby a non-root service user) could have been tricked into overwriting\narbitrary files or leaking information via a symbolic link or mount point\nattack (CVE-2012-0786, CVE-2012-0787).\n\nA flaw was found in the way Augeas handled certain umask settings when\ncreating new configuration files. This flaw could result in configuration\nfiles being created as world writable, allowing unprivileged local users to\nmodify their content (CVE-2013-6412).\n","modified":"2026-04-16T06:26:10.049403304Z","published":"2014-02-12T17:10:49Z","upstream":["CVE-2012-0786","CVE-2012-0787","CVE-2013-6412"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0058.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11721"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2013-1537.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2014-0044.html"}],"affected":[{"package":{"name":"augeas","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/augeas?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0058.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}