Solution
Please Install the Updated Packages.
Insight
The Zero Install Injector makes it easy for users to install software without needing root privileges. It takes the URL of a program and runs it (downloading it first if necessary). Any dependencies of the program are fetched in the same way. The user controls which version of the program and its dependencies to use.
Zero Install is a decentralized installation system (there is no central repository all packages are identified by URLs), loosely-coupled (if different programs require different versions of a library then both versions are installed in parallel, without conflicts), and has an emphasis on security (all package descriptions are GPG-signed, and contain cryptographic hashes of the contents of each version). Each version of each program is stored in its own sub-directory within the Zero Install cache (nothing is installed to directories outside of the cache, such as /usr/bin) and no code from the package is run during install or uninstall. The system can automatically check for updates when software is run.
Affected
zeroinstall-injector on Fedora 19
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-2098, CVE-2013-2099 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities