A security flaw has been identified in the Bip software package for the Fedora 13 operating system. Bip is a proxy server for the IRC protocol, used to maintain a persistent connection to an IRC server, store logs, and so on. The flaw results from an error in the way the package handles user credentials, specifically in the function "bip_on_event()" in the file src/irc. This allows an attacker to carry out a DoS attack (crashing the server). Users are urged to install the update.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-15774
2010-10-05 09:00:26
--------------------------------------------------------------------------------

Name        : bip
Product     : Fedora 13
Version     : 0.8.6
Release     : 1.fc13
URL         : http://bip.t1r.net
Summary     : IRC Bouncer
Description :
Bip is an IRC proxy, which means it keeps connected to your preferred IRC
servers, can store the logs for you, and even send them back to your IRC
client(s) upon connection.
You may want to use bip to keep your logfiles (in a unique format and on a
unique computer) whatever your client is, when you connect from multiple
workstations, or when you simply want to have a playback of what was said
while you were away.

--------------------------------------------------------------------------------
Update Information:

Update to upstream v0.8.6
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct  2 2010 Brian C. Lane - 0.8.6-1
- Upstream v0.8.6
* Sat Mar 27 2010 Lorenzo Villani - 0.8.4-3
- Install bipgenconfig as requested in bz #566879
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630437 - CVE-2010-3071 Bip: Remote Dos (crash) by exchanging user
credentials
        https://bugzilla.redhat.com/show_bug.cgi?id=630437
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bip' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
