Mandriva Linux Security Advisory : readline (MDVSA-2015:132)
Low Nessus Plugin ID 82385
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated readline packages fix security vulnerability :
Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks (CVE-2014-2524).
Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.
SolutionUpdate the affected lib64readline-devel, lib64readline6 and / or readline-doc packages.