A flaw has been found in the Tomboy software package that can be exploited to bypass the security restrictions in place.

Package: tomboy 1.x
Operating systems: Fedora 14
Severity: 6.9
Problem: error in a software component
Exploitation: local
Impact: bypass of security restrictions
Solution: vendor patch
CVE: CVE-2010-4005
Original advisory ID: FEDORA-2011-7994
Source: Fedora

Problem:
The flaws occur in the tomboy and tomboy-panel scripts because of improper handling of the LD_LIBRARY_PATH variable.

Impact:
The flaw can be exploited to bypass certain security restrictions.

Solution:
Applying the released update is advised.

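Added example (not part of the advisory and not Tomboy's own script code): a common form of insecure LD_LIBRARY_PATH handling in launcher scripts, shown next to a hardened form and a check that flags unsafe entries. An empty entry in LD_LIBRARY_PATH makes the dynamic linker search the current working directory; the directory /usr/lib/tomboy and all function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added illustration; /usr/lib/tomboy and all function names are assumptions.

# Unsafe: with an unset or empty old value the result ends in ":", an empty
# entry that the dynamic linker resolves to the current working directory.
unsafe_path() {   # $1 = directory to prepend, $2 = caller's LD_LIBRARY_PATH
    printf '%s\n' "$1:$2"
}

# Hardened: add the separator and old value only when the old value is non-empty.
safe_path() {
    printf '%s\n' "$1${2:+:$2}"
}

# Return 0 if every entry is an absolute path, 1 if any is empty or relative.
audit_path() {
    p=$1
    if [ -z "$p" ]; then return 0; fi   # variable not set: nothing to search
    case ":$p:" in
        *::*) echo "empty entry (means current directory): [$p]" >&2; return 1 ;;
    esac
    rest=$p
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        case "$entry" in
            /*) ;;
            *) echo "relative entry '$entry' in [$p]" >&2; return 1 ;;
        esac
        case "$rest" in
            *:*) rest=${rest#*:} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# Constructed demo: caller's LD_LIBRARY_PATH is empty, as in a default session.
for builder in unsafe_path safe_path; do
    result=$("$builder" /usr/lib/tomboy "")
    if audit_path "$result" 2>/dev/null; then verdict=ok; else verdict=UNSAFE; fi
    printf '%-12s %-20s %s\n' "$builder" "[$result]" "$verdict"
done
```

safe_path does not clean an inherited value that already contains an empty entry, so run audit_path on the final value before exporting it.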
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7994
2011-06-07 03:41:27
--------------------------------------------------------------------------------
Name : tomboy
Product : Fedora 14
Version : 1.6.0
Release : 1.fc14
URL : http://projects.gnome.org/tomboy/
Summary : Note-taking application
Description :
Tomboy is a desktop note-taking application which is simple and easy to use.
It lets you organise your notes intelligently by allowing you to easily link
ideas together with Wiki style interconnects.
--------------------------------------------------------------------------------
Update Information:
Version 1.6.0:
* Grammar and language fixes (bgo#642156)
* Changed GetSelectedNotebook from private to public so it can be used by
add-ins (Robert Nordan)
* Fix tomboy insecure LD_LIBRARY_PATH (bgo#635614, Luis Medinas)
* Fix CVE-2010-4005 (Luis Medinas). Originally found by Ludwig Nussel
* Fix Remove title format from add-ins descriptions (bgo#636606, Paul Cutler)
* Fix Replace Computer Name with Login Name in SSH sync setup (bgo#633605,
Paul Cutler)
* Translation Updates: es, br, io, bg, cn, cz, dut, fr, gl, de, el, gu, he,
hu, in, ja, ko, lv, no, pl, pt, ru, sk, sl, sv, th, ug, and zh.
* Added new translation Luganda (ug).
Packaging changes:
* The .desktop file is included.
* For F14, the panel applet is enabled.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Thomas Moschny - 1.6.0-1
- Update to 1.6.0, also fixes CVE-2010-4005.
- Simply create the missing dir instead of patching Makefile.am.
- Include the .desktop file (bz 672406).
- Use pkgconfig(...)-style BRs.
- Add missing BR on GConf2.
- Re-enable the panel applet for F14 (bz 637416).
- Minor cosmetics.
* Mon Oct 25 2010 Ray Strode 1.4.2-1
- Update to 1.4.2
Related: #646666
* Thu Sep 30 2010 Matthias Clasen - 1.4.0-1
- Update to 1.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644606 - CVE-2010-4005 tomboy: insecure library loading
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=644606
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tomboy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7997
2011-06-07 03:41:34
--------------------------------------------------------------------------------
Name : tomboy
Product : Fedora 15
Version : 1.6.0
Release : 1.fc15
URL : http://projects.gnome.org/tomboy/
Summary : Note-taking application
Description :
Tomboy is a desktop note-taking application which is simple and easy to use.
It lets you organise your notes intelligently by allowing you to easily link
ideas together with Wiki style interconnects.
--------------------------------------------------------------------------------
Update Information:
Version 1.6.0:
* Grammar and language fixes (bgo#642156)
* Changed GetSelectedNotebook from private to public so it can be used by
add-ins (Robert Nordan)
* Fix tomboy insecure LD_LIBRARY_PATH (bgo#635614, Luis Medinas)
* Fix CVE-2010-4005 (Luis Medinas). Originally found by Ludwig Nussel
* Fix Remove title format from add-ins descriptions (bgo#636606, Paul Cutler)
* Fix Replace Computer Name with Login Name in SSH sync setup (bgo#633605,
Paul Cutler)
* Translation Updates: es, br, io, bg, cn, cz, dut, fr, gl, de, el, gu, he,
hu, in, ja, ko, lv, no, pl, pt, ru, sk, sl, sv, th, ug, and zh.
* Added new translation Luganda (ug).
Packaging changes:
* The .desktop file is included.
* For F14, the panel applet is enabled.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Thomas Moschny - 1.6.0-1
- Update to 1.6.0, also fixes CVE-2010-4005.
- Simply create the missing dir instead of patching Makefile.am.
- Include the .desktop file (bz 672406).
- Use pkgconfig(...)-style BRs.
- Add missing BR on GConf2.
- Re-enable the panel applet for F14 (bz 637416).
- Minor cosmetics.
* Wed Feb 9 2011 Fedora Release Engineering - 1.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644606 - CVE-2010-4005 tomboy: insecure library loading
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=644606
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tomboy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------