CESA-2009:0005 -- centos 4 ia64 gnome-vfs2ID: oval:org.secpod.oval:def:200565 | Date: (C)2012-01-31 (M)2021-06-02 |
Class: PATCH | Family: unix |
GNOME VFS is the GNOME virtual file system. It provides a modular architecture and ships with several modules that implement support for various local and remote file systems as well as numerous protocols, including HTTP, FTP, and others. A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim"s machine. Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running GNOME sessions must be restarted for the update to take effect.