U radu programskog paketa JS uočeno je više sigurnosnih propusta koje udaljeni napadač može iskoristiti za neovlašteni pristup sustavu, pristup osjetljivim informacijama, proizvoljno pokretanje skriptnog i programskog koda, itd.
Paket:
js 1.x
Operacijski sustavi:
Fedora 15
Problem:
cjelobrojno prepisivanje, korupcija memorije, pogreška u programskoj komponenti, XSS
Iskorištavanje:
udaljeno
Posljedica:
izmjena podataka, neovlašteni pristup sustavu, otkrivanje osjetljivih informacija, proizvoljno izvršavanje programskog koda, umetanje HTML i skriptnog koda
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2011-8627
Izvor:
Fedora
Problem:
Sigurnosni propusti su posljedica pogrešaka u "WebGL" komponenti, cjelobrojnog prepisivanja u polju "Array.reduceRight()", pogrešaka pri rukovanju XUL dokumentima, itd.
Posljedica:
Udaljeni napadač propuste može iskoristiti za neovlašteni pristup sustavu, pristup osjetljivim podacima, pokretanje proizvoljnog programskog koda, itd.
Rješenje:
Svim se korisnicima navedenog programskog paketa, u svrhu zaštite sigurnosti, savjetuje korištenje dostupnih programskih nadogradnji.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8627
2011-06-24 02:47:06
--------------------------------------------------------------------------------
Name : js
Product : Fedora 15
Version : 1.8.5
Release : 6.fc15
URL : http://www.mozilla.org/js/
Summary : JavaScript interpreter and libraries
Description :
JavaScript is the Netscape-developed object scripting language used in
millions
of web pages and server applications worldwide. Netscape's JavaScript is a
superset of the ECMA-262 Edition 3 (ECMAScript) standard scripting language,
with only mild differences from the published standard.
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 5.0, fixing multiple security issues
detailed in the upstream advisories:
* http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox5
See upstream release notes for more information about this new version:
* http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
This update ALSO contains a change to the GNOME 3 shell's gjs library, to make
it use the standalone js package, to reduce risk of regression.
It also includes all packages depending on gecko-libs rebuilt against the new
version of Firefox / XULRunner.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676437 - Build gjs against the standalone SpiderMonkey package
'js', not XULRunner's copy
https://bugzilla.redhat.com/show_bug.cgi?id=676437
[ 2 ] Bug #715188 - Update to Firefox 5.0
https://bugzilla.redhat.com/show_bug.cgi?id=715188
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update js' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke