Otkriven je i ispravljen sigurnosni nedostatak vezan uz programski paket Libvoikko. Udaljeni napadač sigurnosne ranjivosti navedenog paketa može iskoristiti za napad uskraćivanjem usluga (DoS).
Paket:
libvoikko 3.x
Operacijski sustavi:
Fedora 14, Fedora 15
Problem:
neodgovarajuća provjera ulaznih podataka
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2011-8232
Izvor:
Fedora
Problem:
Sigurnosni propust se javlja zbog pogrešnog rukovanja NULL znakovima u ulaznim nizovima podataka.
Posljedica:
Udaljeni napadač navedeni propust može iskoristiti za DoS (eng. Denial of Service) napad.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje nadogradnja paketa na novije inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8232
2011-06-14 09:54:18
--------------------------------------------------------------------------------
Name : libvoikko
Product : Fedora 14
Version : 3.0
Release : 3.fc14
URL : http://voikko.sourceforge.net/
Summary : Voikko is a library for spellcheckers and hyphenators
Description :
This is libvoikko, library for spellcheckers and hyphenators using Malaga
natural language grammar development tool. The library is written in C.
Currently only Finnish is supported, but the API of the library has been
designed to allow adding support for other languages later. Note however that
Malaga is rather low level tool that requires implementing the whole
morphology
of a language as a left associative grammar. Therefore languages that have
simple or even moderately complex morphologies and do not require
morphological
analysis in their hyphenators should be implemented using other tools such as
Hunspell.
--------------------------------------------------------------------------------
Update Information:
Backport a security fix from version 3.2.1: Fix handling of embedded null
characters in input strings entered through the Python interface. The bug could
be used to cause denial of service conditions and possibly other problems. Users
of these interfaces are recommended to upgrade to this release. Applications
that use the native C++ library directly (this includes all well known desktop
applications) are not affected by this bug and no changes to the native library
have been made in this release.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 12 2011 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 3.0-3
- Security update: fixes handling of embedded null characters in input strings
entered through the Python interface.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libvoikko' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8227
2011-06-14 09:53:36
--------------------------------------------------------------------------------
Name : libvoikko
Product : Fedora 15
Version : 3.2.1
Release : 1.fc15
URL : http://voikko.sourceforge.net/
Summary : Voikko is a library for spellcheckers and hyphenators
Description :
This is libvoikko, library for spellcheckers and hyphenators using Malaga
natural language grammar development tool. The library is written in C.
Currently only Finnish is supported, but the API of the library has been
designed to allow adding support for other languages later. Note however that
Malaga is rather low level tool that requires implementing the whole
morphology
of a language as a left associative grammar. Therefore languages that have
simple or even moderately complex morphologies and do not require
morphological
analysis in their hyphenators should be implemented using other tools such as
Hunspell.
--------------------------------------------------------------------------------
Update Information:
Backport a security fix from version 3.2.1: Fix handling of embedded null
characters in input strings entered through the Python interface. The bug could
be used to cause denial of service conditions and possibly other problems. Users
of these interfaces are recommended to upgrade to this release. Applications
that use the native C++ library directly (this includes all well known desktop
applications) are not affected by this bug and no changes to the native library
have been made in this release.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 12 2011 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 3.2.1-1
- New upstream release
- Fixes handling of embedded null characters in input strings entered through
Python or Java interfaces.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libvoikko' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke