DSA-2765-2 davfs2 -- privilege escalationID: oval:org.secpod.oval:def:601716 | Date: (C)2014-07-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
The update released for davfs2 in DSA 2765 had a version number for Debian 7 "wheezy" that sorts lower than the version in Debian 6 "squeeze", causing problems on upgrades. This update makes a package of davfs2 in wheezy available which corrects only the version number. For reference, the original advisory follows. Davfs2, a filesystem client for WebDAV, calls the function system insecurely while is setuid root. This might allow a privilege escalation.