CVE-2013-6412

Published: 23/01/2014 Updated: 23/01/2014
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The transform_save function in transform.c in Augeas 1.0.0 up to and including 1.1.0 does not properly calculate the permission values when the umask contains a "7", which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
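The summary does not say how the permission value was miscalculated. As an added illustration (not Augeas code and not taken from this page), the C example below assumes one arithmetic slip that produces the described symptom, subtracting the umask from 0666 instead of clearing its bits, and compares it with correct masking; all function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define BASE_MODE 0666 /* rw for user, group and other before the umask applies */

/* Correct: a umask is a bit mask, so clear every bit it names. */
mode_t mode_masked(mode_t mask) {
    return (mode_t)(BASE_MODE & ~mask & 0777);
}

/* Assumed faulty pattern (an assumption, not the project's code):
 * the umask is treated as a number and subtracted. A 7 in any octal
 * digit exceeds 6, so the subtraction borrows from the next digit
 * and corrupts the permission bits. */
mode_t mode_subtracted(mode_t mask) {
    return (mode_t)((BASE_MODE - mask) & 0777);
}

int world_writable(mode_t m) {
    return (m & S_IWOTH) != 0;
}

/* 1 when the umask forbids other-write but the subtracted mode grants it. */
int subtraction_is_unsafe(mode_t mask) {
    return !world_writable(mode_masked(mask)) &&
           world_writable(mode_subtracted(mask));
}

int main(void) {
    /* Constructed sample umasks: one common default, three containing a 7. */
    const mode_t samples[] = { 0022, 0027, 0077, 0007 };
    size_t i;

    printf("umask  masked  subtracted  unsafe\n");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%04o   %04o    %04o        %s\n",
               (unsigned)samples[i],
               (unsigned)mode_masked(samples[i]),
               (unsigned)mode_subtracted(samples[i]),
               subtraction_is_unsafe(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

A file mode check such as `world_writable()` applied to files written under a restrictive umask is the quickest way to confirm whether a given build shows the symptom.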

Vulnerable Product

augeas augeas 1.0.0

augeas augeas 1.1.0

Vendor Advisories

Synopsis: Moderate: augeas security update. Type/Severity: Security Advisory: Moderate. Topic: Updated augeas packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Sco ...
Debian Bug report logs - #731132 augeas: CVE-2012-0786, CVE-2012-0787. Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debian.org>; Reported by: Raphael Geissert <geissert@debian.org>; Date: Mon, 2 Dec 2013 11:09:01 UTC; Severity: important; Tags: patch, security; Fixed in version augeas/0.7.2-1+deb6u1 D ...
Debian Bug report logs - #731111 augeas: CVE-2013-6412. Package: augeas; Maintainer for augeas is Hilko Bengen <bengen@debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Mon, 2 Dec 2013 08:54:02 UTC; Severity: important; Tags: patch, security; Fixed in version augeas/0.7.2-1+deb6u1 Done: Raphael Geiss ...
A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content. (CVE-2013-6412) ...