Name : catfish Product : Fedora 20 Version : 1.0.1 Release : 1.fc20 URL : https://launchpad.net/catfish-search Summary : A handy file search tool Description : Catfish is a handy file searching tool. The interface is intentionally lightweight and simple, using only GTK+3. You can configure it to your needs by using several command line options.
In the previous rpm, catfish used a wrapper launching script using some bad logic for searching paths, which might lead to arbitrary code execution exploit by malicious local user. This vulnerability is now assigned as CVE-2014-2093 through CVE-2014-2096.
This new rpm should fix this issue. ------------------------------------------------------------------------------- - ChangeLog:
* Sun Mar 2 2014 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.0.1-1 - 1.0.1 - Fix insecure loading of script at startup (CVE-2014-2093 through CVE-2014-2096, bug 1069398) * Sat Feb 15 2014 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.0.0-1 - 1.0.0 ------------------------------------------------------------------------------- - References:
This update can be installed with the "yum" update program. Use su -c 'yum update catfish' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.